NETGEAR UTM50-100NAS manual
- View online or download the instruction manual
- 484 pages
- 10.43 MB
Instruction manual index
-
Page 1
202-10482-02 January 2010 v1.0 NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134 ProSecure Unified Threat Management (UTM) Appliance Reference Manual[...]
-
Page 2
ii v1.0, January 2010 © 2009–2010 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and the NETGEAR logo are registered trademarks and ProSecure and ProSafe are trademarks of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademar[...]
-
Page 3
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations. Voluntary Control Council for Interference (VCCI) Statement This equipment is in the second category (information equ[...]
-
Page 4
Open SSL Copyright (c) 1998–2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and t[...]
-
Page 5
Product and Publication Details PPP Copyright (c) 1989 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other mat[...]
-
Page 6
v1.0, January 2010 vi[...]
-
Page 7
Contents ProSecure Unified Threat Management (UTM) Appliance Reference Manual About This Manual Conventions, Formats, and Scope ... xvii How to Print This Manual ...[...]
-
Page 8
Chapter 2 Using the Setup Wizard to Provision the UTM in Your Network Understanding the Steps for Initial Connection ... 2-1 Qualified Web Browsers ...[...]
-
Page 9
Configuring Secondary WAN Addresses ... 3-17 Configuring Dynamic DNS ... 3-19 Configuring[...]
-
Page 10
Managing the Application Level Gateway for SIP Sessions ... 5-31 Creating Services, QoS Profiles, and Bandwidth Profiles ... 5-32 Adding Customized Services ...[...]
-
Page 11
Creating Gateway-to-Gateway VPN Tunnels with the Wizard ... 7-4 Creating a Client to Gateway VPN Tunnel ... 7-9 Testing the Connections and Viewing Status Info[...]
-
Page 12
Viewing the UTM SSL VPN Connection Status ... 8-16 Viewing the UTM SSL VPN Log ... 8-16 Manually Configuring and Editing SSL[...]
-
Page 13
Updating the Scan Signatures and Scan Engine Firmware ... 10-21 Configuring Date and Time Service ... 10-24 Chapter 11 Monitoring System Access and P[...]
-
Page 14
Troubleshooting the ISP Connection ... 12-5 Troubleshooting a TCP/IP Network Using a Ping Utility ... 12-7 Testing the LAN Pat[...]
-
Page 15
Firewall Restart ... C-4 IPsec Restart ... [...]
-
Page 16
ProSecure Unified Threat Management (UTM) Appliance Reference Manual xvi v1.0, January 2010[...]
-
Page 17
About This Manual The NETGEAR® ProSecure™ Unified Threat Management (UTM) Appliance Reference Manual describes how to install, configure, and troubleshoot a ProSecure Unified Threat Management (UTM) Appliance. The information in this manual is intended for readers with intermediate computer and networking skills. C[...]
-
Page 18
• Scope. This manual is written for the UTM according to these specifications: For more information about network, Internet, firewall, and VPN technologies, click the links to the NETGEAR Website in Appendix E, “Related Documents.” How to Pr[...]
-
Page 19
Chapter 1 Introduction This chapter provides an overview of the features and capabilities of the ProSecure Unified Threat Management (UTM) Appliance. This chapter contains the following sections: • “What Is the ProSecure Unified Threat Management (UTM) Appliance?” on this page. • “Key Features and Capabilitie[...]
-
Page 20
Key Features and Capabilities The UTM provides the following key features and capabilities: • For the single-WAN port models, a single 10/100/1000 Mbps Gigabit Ethernet WAN port. For the dual-WAN port models, dual 10/100/1000 Mbps Gi [...]
-
Page 21
Dual-WAN Port Models for Increased Reliability or Outbound Load Balancing The UTM product line offers models with two broadband WAN ports. The second WAN port allows you to connect a second broadband Internet line that can be configu[...]
-
Page 22
A Powerful, True Firewall Unlike simple Internet sharing NAT routers, the UTM is a true firewall, using stateful packet inspection (SPI) to defend against hacker attacks. Its firewall features have the following capabilities: • DoS protec[...]
-
Page 23
• Objectionable traffic protection. The UTM prevents objectionable content from reaching your computers. You can control access to the Internet content by screening for Web services, Web addresses, and keywords within Web addresses. [...]
-
Page 24
Extensive Protocol Support The UTM supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). For further information about TCP/IP, see “Internet Configuration Requirements” on page B-3[...]
-
Page 25
• SSL VPN Wizard. The UTM includes the NETGEAR SSL VPN Wizard to easily configure SSL connections over VPN according to the recommendations of the VPNC to ensure the SSL connections are interoperable with other VPNC-compliant VPN router[...]
-
Page 26
Service Registration Card with License Keys Be sure to store the license key card that came with your UTM in a secure location. You do need these keys to activate your product during the initial setup. USB ports 1 1 1 Console ports (RS232)[...]
-
Page 27
Package Contents The UTM product package contains the following items: • ProSecure Unified Threat Management (UTM) Appliance. • One AC power cable. • Rubber feet (4). • One rack-mounting kit (depends on UTM model). • ProSecure [...]
-
Page 28
Hardware Features The front panel ports and LEDs, rear panel ports, and bottom label of the UTM are described below. Front Panel Viewed from left to right, the UTM front panel contains the following ports (see Figure 1-2 on page 1-10, w[...]
-
Page 29
The function of each LED is described in Table 1-2. Note: Figure 1-2 shows a dual-WAN port model (the UTM25). Single-WAN port models contain the left WAN port that is shown in Figure 1-2 but no right WAN port nor any Active WAN LED[...]
-
Page 30
Rear Panel The rear panel of the UTM includes a cable lock receptacle, a console port, a reset button, and an AC power connection. Viewed from left to right, the rear panel contains the following components: 1. Cable security lock receptac[...]
-
Page 31
Figure 1-4 shows the product label for the UTM5. Figure 1-5 shows the product label for the UTM10. Figure 1-4 Figure 1-5[...]
-
Page 32
Figure 1-6 shows the product label for the UTM25. Choosing a Location for the UTM The UTM is suitable for use in an office environment where it can be free-standing (on its runner feet) or mounted into a standard 19-inch equipment rack. [...]
-
Page 33
• Temperature operating limits are not likely to be exceeded. Install the unit in a clean, air-conditioned environment. For information about the recommended operating temperatures for the UTM, see Appendix A, “Default Settings and T[...]
-
Page 34
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 1-16 Introduction v1.0, January 2010[...]
-
Page 35
Chapter 2 Using the Setup Wizard to Provision the UTM in Your Network Understanding the Steps for Initial Connection Typically, the UTM is installed as a network gateway to function as a combined LAN switch, firewall, and content scan engine in order to protect the network from all incoming and outgoing malware thr[...]
-
Page 36
Qualified Web Browsers To configure the UTM, you must use a Web browser such as Microsoft Internet Explorer 6 or higher, Mozilla Firefox 3 or higher, or Apple Safari 3 or higher with Jav[...]
-
Page 37
3. In the User field, type admin. Use lower case letters. 4. In the Password field, type password. Here too, use lower case letters. Figure 2-1 Note: The first time that you remotely connect t[...]
-
Page 38
5. Click Login. The Web Management Interface appears, displaying the System Status screen. (Figure 2-2 on page 2-4 shows the top part of a dual-WAN port model screen. For information about th[...]
-
Page 39
Understanding the Web Management Interface Menu Layout Figure 2-3 shows the menu at the top of a dual-WAN port model’s Web Management Interface (in this example, the UTM25). The single[...]
-
Page 40
The bottom of each screen provides action buttons. The nature of the screen determines which action buttons are shown. Figure 2-4 shows an example. Any of the following action buttons might be d[...]
-
Page 41
• Down. Move down the selected entry in the table. • Apply. Apply the selected entry. Almost all screens and sections of screens have an accompanying help screen. To open the help scr[...]
-
Page 42
Setup Wizard Step 1 of 10: LAN Settings Enter the settings as explained in Table 2-1 on page 2-9, then click Next to go to the following screen. Figure 2-7 Note: In this first step, you are act[...]
-
Page 43
Table 2-1. Setup Wizard Step 1: LAN Settings Setting Description (or Subfield and Description) LAN TCP/IP Setup IP Address Enter the IP address of the UTM’s default VLAN (the factory def[...]
-
Page 44
Enable DHCP Server (continued) Primary DNS Server This is optional. If an IP address is specified, the UTM provides this address as the primary DNS server IP address. If no address is specif[...]
-
Page 45
Setup Wizard Step 2 of 10: WAN Settings Enter the settings as explained in Table 2-2 on page 2-12, then click Next to go to the following screen. DNS Proxy Enable DNS Proxy This is option[...]
-
Page 46
Note: Click the Auto Detect action button at the bottom of the menu. The auto-detect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely[...]
-
Page 47
Austria (PPTP) (continued) Idle Timeout Select the Keep Connected radio button to keep the connection always on. To log out after the connection is idle for a period of time, select the Idl[...]
-
Page 48
Setup Wizard Step 3 of 10: System Date and Time Enter the settings as explained in Table 2-3 on page 2-15, then click Next to go to the following screen. Use These DNS Servers If your ISP ha[...]
-
Page 49
Table 2-3. Setup Wizard Step 3: System Date and Time Settings Setting Description (or Subfield and Description) Set Time, Date and NTP Servers Date/Time From the pull-down menu, se[...]
-
Page 50
Setup Wizard Step 4 of 10: Services Enter the settings as explained in Table 2-4 on page 2-17, then click Next to go to the following screen. Figure 2-10 Note: After you have completed the s[...]
-
Page 51
Table 2-4. Setup Wizard Step 4: Services Settings Setting Description (or Subfield and Description) Email SMTP SMTP scanning is enabled by default on standard service port 2[...]
-
Page 52
Setup Wizard Step 5 of 10: Email Security Enter the settings as explained in Table 2-5, then click Next to go to the following screen. Figure 2-11 Note: After you have completed the steps i[...]
-
Page 53
Setup Wizard Step 6 of 10: Web Security Enter the settings as explained in Table 2-6 on page 2-20, then click Next to go to the following screen. IMAP From the IMAP pull-down menu, speci [...]
-
Page 54
Note: After you have completed the steps in the Setup Wizard, you can make changes to the Web security settings by selecting Application Security > HTTP/HTTPS > Malware Scan. The Malwa[...]
-
Page 55
Setup Wizard Step 7 of 10: Web Categories to Be Blocked Figure 2-13[...]
-
Page 56
Enter the settings as explained in Table 2-7, then click Next to go to the following screen. Note: After you have completed the steps in the Setup Wizard, you can make changes to the conten[...]
-
Page 57
Setup Wizard Step 8 of 10: Email Notification Enter the settings as explained in Table 2-8, then click Next to go to the following screen. Figure 2-14 Note: After you have completed the st[...]
-
Page 58
Setup Wizard Step 9 of 10: Signatures & Engine Enter the settings as explained in Table 2-9 on page 2-25, then click Next to go to the following screen. Figure 2-15 Note: After you have [...]
-
Page 59
Setup Wizard Step 10 of 10: Saving the Configuration Click Apply to save your settings and automatically restart the system. Table 2-9. Setup Wizard Step 9: Signatures & Engine Sett[...]
-
Page 60
Verifying Proper Installation Test the UTM before deploying it in a live production environment. The following instructions walk you through a couple of quick tests that are designed to en[...]
-
Page 61
If your UTM is connected to the Internet, you can activate the service licenses: 1. Select Support > Registration. The Registration screen displays. 2. Enter the license key in the Reg[...]
-
Page 62
5. Repeat step 2 and step 4 for additional license keys. The UTM activates the licenses and registers the unit with the NETGEAR registration server. What to Do Next You have completed setting[...]
-
Page 63
Chapter 3 Manually Configuring Internet and WAN Settings This chapter contains the following sections: • “Understanding the Internet and WAN Configuration Tasks” on this page. • “Configuring the Internet Connections” on page 3-2. • “Configuring the WAN Mode (Required for Dual-WAN Port Models Only)” [...]
-
Page 64
4. Configure dynamic DNS on the WAN ports (optional). Configure your fully qualified domain names during this phase (if required). See “Configuring Dynamic DNS” on page 3-19. 5. Configure the WAN o[...]
-
Page 65
2. Click the Auto Detect action button at the bottom of the menu. The auto-detect process probes the WAN port for a range of connection methods and suggests one that your ISP is most likely to support. ( [...]
-
Page 66
The auto-detect process will return one of the following results: • If the auto-detect process is successful, a status bar at the top of the menu displays the results (see the red text in Figure 3-2 on pa[...]
-
Page 67
The WAN Status window should show a valid IP address and gateway. If the configuration was not successful, skip ahead to “Manually Configuring the Internet Connection” on this page, or see “Trouble[...]
-
Page 68
To manually configure the WAN1 ISP (dual-WAN port models) or WAN ISP (single-WAN port models) settings: 1. On a dual-WAN port model, select Network Configuration > WAN Settings > WAN1 ISP Settin[...]
-
Page 69
5. If your connection is PPTP or PPPoE, your ISP requires an initial login. Enter the settings as explained in Table 3-2. Table 3-2. PPTP and PPPoE Settings Setting Description (or Subfield and Desc[...]
-
Page 70
6. Configure the Internet (IP) Address settings as explained in Table 3-3. Click the Current IP Address link to see the currently assigned IP address. 7. Configure the Domain Name Server (DNS) servers[...]
-
Page 71
8. Click Test to evaluate your entries. The UTM attempts to make a connection according to the settings that you entered. 9. Click Apply to save any changes to the WAN1 ISP settings of a dual-WAN port mod[...]
-
Page 72
If you want to use a redundant ISP link for backup purposes, select the WAN port that must act as the primary link for this mode. Ensure that the backup WAN port has also been configured and that you con[...]
-
Page 73
Classical Routing (All Models) In classical routing mode, the UTM performs routing, but without NAT. To gain Internet access, each PC on your LAN must have a valid static Internet IP address. If your I[...]
-
Page 74
To configure the dual-WAN ports for auto-rollover mode: 1. Select Network Config > WAN Settings from the menu, then click the WAN Mode tab. The WAN Mode screen displays. 2. Enter the settings as [...]
-
Page 75
WAN Failure Detection Method Select one of the following detection failure methods: DNS lookup using WAN DNS Servers DNS queries are sent to the DNS server configured on the WAN ISP pages (see “Confi[...]
-
Page 76
3. Click Apply to save your settings. When a rollover occurs, you can configure the UTM to generate a notification e-mail to a specified address (see “Configuring and Activating System, E-mail, and Syslo[...]
-
Page 77
a. Figure 3-9 shows one example in the Protocol Binding table. Configure the protocol binding settings as explained in Table 3-6. Figure 3-9 Table 3-6. Protocol Binding Settings (Dual-WAN Port Mode[...]
-
Page 78
b. Click the Add table button in the rightmost column to add the protocol binding rule to the Protocol Binding table. The rule is automatically enabled, which is indicated by the “!” status icon that d[...]
-
Page 79
Configuring Secondary WAN Addresses A single WAN Ethernet port can be accessed through multiple IP addresses by adding aliases to the port. An alias is a secondary WAN address. One advantage is, for exam[...]
-
Page 80
To add a secondary WAN address to a WAN port: 1. Select Network Config > WAN Settings from the menu. On a dual-WAN port model, the WAN Settings submenu tabs appear with the WAN1 ISP Settings scree[...]
-
Page 81
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Manually Configuring Internet and WAN Settings 3-19 v1.0, January 2010 Configuring Dynamic DNS Dynamic DNS (DDNS) is an Internet service that allows devices with varying public IP addresses to be located using Internet domain names. To use DDNS, you must set up an account [...]
-
Page 82
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 3-20 Manually Configuring Internet and WAN Settings v1.0, January 2010 The WAN Mode section on screen reports the currently configured WAN mode. (For the dual-WAN port models, for example, Single Port WAN1, Load Balancing, or Auto Rollover.) Only those options that ma[...]
-
Page 83
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Manually Configuring Internet and WAN Settings 3-21 v1.0, January 2010 4. Click the Information option arrow in the upper right corner of a DNS screen for registration information. 5. Access the Web site of the DDNS service provider and register for an account (for example, f[...]
-
Page 84
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 3-22 Manually Configuring Internet and WAN Settings v1.0, January 2010 7. Click Apply to save your configuration. Configuring Advanced WAN Options The advanced options include configuration of the maximum transmission unit (MTU) size, port speed, UTM’s MAC address, and s[...]
-
Page 85
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Manually Configuring Internet and WAN Settings 3-23 v1.0, January 2010 3. Enter the default information settings as explained in Table 3-8. Table 3-8. Advanced WAN Settings Setting Description (or Subfield and Description) MTU Size Make one of the following selectio[...]
-
Page 86
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 3-24 Manually Configuring Internet and WAN Settings v1.0, January 2010 4. Click Apply to save your changes. Additional WAN-Related Configuration Tasks • If you want the ability to manage the UTM remotely, enable remote management (see “Configuring Remote Management Acc[...]
-
Page 87
4-1 v1.0, January 2010 Chapter 4 LAN Configuration This chapter describes how to configure the advanced LAN features of your UTM. This chapter contains the following sections: • “Managing Virtual LANs and DHCP Options” on this page. • “Configuring Multi-Home LAN IPs on the Default VLAN” on page 4-11. • “Managing Groups and Host[...]
-
Page 88
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-2 LAN Configuration v1.0, January 2010 VLANs have a number of advantages: • It is easy to set up network segmentation. Users who communicate most frequently with each other can be grouped into common VLANs, regardless of physical location. Each group’s traffic is contain[...]
-
Page 89
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-3 v1.0, January 2010 When you create a VLAN profile, assign LAN ports to the VLAN, and enable the VLAN, the LAN ports that are members of the VLAN can send and receive both tagged and untagged packets. Untagged packets that enter these LAN ports are assigned [...]
-
Page 90
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-4 LAN Configuration v1.0, January 2010 For each VLAN profile, the following fields are displayed in the VLAN Profiles table: • Checkbox. Allows you to select the VLAN profile in the table. • Status Icon. Indicates the status of the VLAN profile: – Green circle: the VL[...]
-
Page 91
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-5 v1.0, January 2010 The UTM delivers the following settings to any LAN device that requests DHCP: • An IP address from the range that you have defined • Subnet mask • Gateway IP address (the UTM’s LAN IP address) • Primary DNS server (the UTM’[...]
-
Page 92
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-6 LAN Configuration v1.0, January 2010 LDAP Server A Lightweight Directory Access Protocol (LDAP) server allows a user to query and modify directory services that run over TCP/IP. For example, clients can query email addresses, contact information, and other service inform[...]
-
Page 93
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-7 v1.0, January 2010 2. Either select an entry from the VLAN Profiles table by clicking the corresponding Edit table button or add a new VLAN profile by clicking the Add table button under the VLAN Profiles table. The Edit VLAN Profile screen displays (see [...]
-
Page 94
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-8 LAN Configuration v1.0, January 2010 3. Enter the settings as explained in Table 4-1. Table 4-1. VLAN Profile Settings Setting Description (or Subfield and Description) VLAN Profile Profile Name Enter a unique name for the VLAN profile. Note: You can also change th[...]
-
Page 95
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-9 v1.0, January 2010 Enable DHCP Server (continued) Starting IP Address Enter the starting IP address. This address specifies the first of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address betw[...]
-
Page 96
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-10 LAN Configuration v1.0, January 2010 4. Click Apply to save your settings. Enable LDAP information (continued) Search Base The search objects that specify the location in the directory tree from which the LDAP search begins. You can specify multiple search objects, sepa[...]
-
Page 97
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-11 v1.0, January 2010 Configuring Multi-Home LAN IPs on the Default VLAN If you have computers using different IP networks in the LAN (for example, 172.16.2.0 or 10.0.0.0), you can add aliases to the LAN ports and give computers on those networks access[...]
-
Page 98
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-12 LAN Configuration v1.0, January 2010 3. In the Add Secondary LAN IPs section of the screen, enter the following settings: • IP Address. Enter the secondary address that you want to assign to the LAN ports. • Subnet Mask. Enter the subnet mask for the secondary IP a[...]
-
Page 99
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-13 v1.0, January 2010 Some advantages of the Network Database are: • Generally, you do not need to enter either IP addresses or MAC addresses. Instead, you can just select the name of the desired PC or device. • There is no need to reserve an IP address f[...]
-
Page 100
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-14 LAN Configuration v1.0, January 2010 The Known PCs and Devices table lists the entries in the Network Database. For each PC or device, the following fields are displayed: • Checkbox. Allows you to select the PC or device in the table. • Name. The name of the PC or d[...]
-
Page 101
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-15 v1.0, January 2010 Adding PCs or Devices to the Network Database To add PCs or devices manually to the Network Database: 1. In the Add Known PCs and Devices section of the LAN Groups screen (see Figure 4-5 on page 4-14), enter the settings as explaine[...]
-
Page 102
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-16 LAN Configuration v1.0, January 2010 Editing PCs or Devices in the Network Database To edit PCs or devices manually in the Network Database: 1. In the Known PCs and Devices table of the LAN Groups screen (see Figure 4-5 on page 4-14), click the Edit table button of a [...]
-
Page 103
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-17 v1.0, January 2010 3. Click the Edit Group Names option arrow at the right of the LAN submenu tabs. The Network Database Group Names screen displays. (Figure 4-7 shows some examples.) 4. Select the radio button next to any group name to enable editing.[...]
-
Page 104
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-18 LAN Configuration v1.0, January 2010 To reserve an IP address, select Reserved (DHCP Client) from the IP Address Type pull-down menu on the LAN Groups screen as described in “Adding PCs or Devices to the Network Database” on page 4-15 or on the Edit Groups and Hos[...]
-
Page 105
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-19 v1.0, January 2010 To enable and configure the DMZ port: 1. Select Network Config > DMZ Setup from the menu. The DMZ Setup screen displays. 2. Enter the settings as explained in Table 4-3 on page 4-20. Figure 4-8[...]
-
Page 106
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-20 LAN Configuration v1.0, January 2010 Table 4-3. DMZ Setup Settings Setting Description (or Subfield and Description) DMZ Port Setup Do you want to enable DMZ Port? Select one of the following radio buttons: • Yes. Enables you to configure the DMZ port settings. Ente[...]
-
Page 107
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-21 v1.0, January 2010 Enable DHCP Server (continued) Primary DNS Server This is optional. If an IP address is specified, the UTM provides this address as the primary DNS server IP address. If no address is specified, the UTM provides its own LAN IP address as[...]
-
Page 108
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-22 LAN Configuration v1.0, January 2010 3. Click Apply to save your settings. To define the DMZ WAN Rules and LAN DMZ Rules, see “Setting DMZ WAN Rules” on page 5-15 and “Setting LAN DMZ Rules” on page 5-19, respectively. Managing Routing Static Routes provide ad[...]
-
Page 109
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-23 v1.0, January 2010 Configuring Static Routes To add a static route to the Static Route table: 1. Select Network Config > Routing from the menu. The Routing screen displays. 2. Click the Add table button under the Static Routes table. The Add Static[...]
-
Page 110
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-24 LAN Configuration v1.0, January 2010 3. Enter the settings as explained in Table 4-4. 4. Click Apply to save your settings. The new static route is added to the Static Route table. To edit a static route that is in the Static Route table: 1. Select its entry from t[...]
-
Page 111
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-25 v1.0, January 2010 To enable and configure RIP: 1. Select Network Configuration > Routing from the menu. 2. Click the RIP Configuration option arrow at the right of the Routing submenu tab. The RIP Configuration screen displays. 3. Enter the setting[...]
-
Page 112
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-26 LAN Configuration v1.0, January 2010 Table 4-5. RIP Configuration Settings Setting Description (or Subfield and Description) RIP RIP Direction From the RIP Direction pull-down menu, select the direction in which the UTM sends and receives RIP packets: • None. The n[...]
-
Page 113
ProSecure Unified Threat Management (UTM) Appliance Reference Manual LAN Configuration 4-27 v1.0, January 2010 4. Click Apply to save your settings. Static Route Example In this example, we assume the following: • The UTM’s primary Internet access is through a cable modem to an ISP. • The UTM is on a local LAN with IP address 192.1[...]
-
Page 114
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 4-28 LAN Configuration v1.0, January 2010[...]
-
Page 115
5-1 v1.0, January 2010 Chapter 5 Firewall Protection This chapter describes how to use the firewall features of the UTM to protect your network. This chapter contains the following sections: • “About Firewall Protection” on this page. • “Using Rules to Block or Allow Specific Kinds of Traffic” on page 5-3. • “Configuring Other[...]
-
Page 116
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-2 Firewall Protection v1.0, January 2010 Administrator Tips Consider the following operational items: 1. As an option, you can enable remote management if you have to manage distant sites from a central location (see “Configuring VPN Authentication Domains, Groups, [...]
-
Page 117
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-3 v1.0, January 2010 Using Rules to Block or Allow Specific Kinds of Traffic Firewall rules are used to block or allow specific traffic passing through from one side to the other. You can configure up to 800 rules on the UTM. Inbound rules (WAN to [...]
-
Page 118
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-4 Firewall Protection v1.0, January 2010 • Quality of Service (QoS) priorities. Each service has its own native priority that impacts its quality of performance and tolerance for jitter or delays. You can change the QoS priority, which changes the traffic mix through [...]
-
Page 119
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-5 v1.0, January 2010 Table 5-2. Outbound Rules Overview Setting Description (or Subfield and Description) Service The service or application to be covered by this rule. If the service or application does not appear in the list, you must define it using [...]
-
Page 120
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-6 Firewall Protection v1.0, January 2010 Inbound Rules (Port Forwarding) If you have enabled Network Address Translation (NAT), your network presents only one IP address to the Internet and outside users cannot directly address any of your local computers. However, by defi[...]
-
Page 121
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-7 v1.0, January 2010 Whether or not DHCP is enabled, how the PCs access the server’s LAN address impacts the inbound rules. For example: • If your external IP address is assigned dynamically by your ISP (DHCP enabled), the IP address might change[...]
-
Page 122
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-8 Firewall Protection v1.0, January 2010 Table 5-3. Inbound Rules Overview Setting Description (or Subfield and Description) Service The service or application to be covered by this rule. If the service or application does not appear in the list, you must define it usin[...]
-
Page 123
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-9 v1.0, January 2010 LAN Users The settings that determine which computers on your network are affected by this rule. The options are: • Any. All PCs and devices on your LAN. • Single address. Enter the required address to apply the rule to a sin[...]
-
Page 124
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-10 Firewall Protection v1.0, January 2010 Log The setting that determines whether packets covered by this rule are logged. The options are: • Always. Always log traffic considered by this rule, whether it matches or not. This is useful when debugging your rules. • Never[...]
-
Page 125
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-11 v1.0, January 2010 Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules screen as the last item in the list, as shown in the LAN WAN Rules screen example in Figure 5-1. For any traffic attempting to pass thr[...]
-
Page 126
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-12 Firewall Protection v1.0, January 2010 Setting LAN WAN Rules The default outbound policy is to allow all traffic to the Internet to pass through. Firewall rules can then be applied to block specific types of traffic from going out from the LAN to the Internet (outbound[...]
-
Page 127
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-13 v1.0, January 2010 To make changes to an existing outbound or inbound service rule, in the Action column to the right of the rule, click one of the following table buttons: • Edit. Allows you to make any changes to the rule definition of an exis[...]
-
Page 128
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-14 Firewall Protection v1.0, January 2010 To create a new outbound LAN WAN service rule: 1. In the LAN WAN Rules screen, click the Add table button under the Outbound Services table. The Add LAN WAN Outbound Service screen displays. 2. Enter the settings as explained in [...]
-
Page 129
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-15 v1.0, January 2010 To create a new inbound LAN WAN service rule: 1. In the LAN WAN Rules screen, click the Add table button under the Inbound Services table. The Add LAN WAN Inbound Service screen displays. 2. Enter the settings as explained in T [...]
-
Page 130
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-16 Firewall Protection v1.0, January 2010 To access the DMZ WAN Rules screen: 1. Select Network Security > Firewall from the menu. The Firewall submenu tabs appear. 2. Click the DMZ WAN Rules submenu tab. The DMZ WAN Rules screen displays. (Figure 5-5 shows a rule [...]
-
Page 131
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-17 v1.0, January 2010 2. Click one of the following table buttons: • Disable. Disables the rule or rules. The “!” status icon changes from a green circle to a grey circle, indicating that the rule is or rules are disabled. (By default, when a ru[...]
-
Page 132
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-18 Firewall Protection v1.0, January 2010 DMZ WAN Inbound Services Rules The Inbound Services table lists all existing rules for inbound traffic. If you have not defined any rules, no rules are listed. By default, all inbound traffic (from the Internet to the DMZ) [...]
-
Page 133
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-19 v1.0, January 2010 Setting LAN DMZ Rules The LAN DMZ Rules screen allows you to create rules that define the movement of traffic between the LAN and the DMZ. The default outbound and inbound policies are to allow all traffic between the local LAN and DM[...]
-
Page 134
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-20 Firewall Protection v1.0, January 2010 • Up. Moves the rule up one position in the table rank. • Down. Moves the rule down one position in the table rank. To delete or disable one or more rules: 1. Select the checkbox to the left of the rule that you want to delete [...]
-
Page 135
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-21 v1.0, January 2010 2. Enter the settings as explained in Table 5-2 on page 5-5. 3. Click Apply. The new rule is now added to the Outbound Services table. The rule is automatically enabled. LAN DMZ Inbound Services Rules The Inbound Services tabl[...]
-
Page 136
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-22 Firewall Protection v1.0, January 2010 Inbound Rules Examples LAN WAN Inbound Rule: Hosting A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP[...]
-
Page 137
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-23 v1.0, January 2010 LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT Mapping In this example, we will configure multi-NAT to support multiple public IP addresses on one WAN interface. By creating an inbound rule, we will configure the UTM[...]
-
Page 138
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-24 Firewall Protection v1.0, January 2010 To configure the UTM for additional IP addresses: 1. Select Network Security > Firewall from the menu. The Firewall submenu tabs appear. 2. If your server is to be on your LAN, select the LAN WAN Rules submenu tab. (This is the[...]
-
Page 139
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-25 v1.0, January 2010 6. In the Send to LAN Server field, enter the local IP address of your Web server PC (192.168.1.2 in this example). 7. For the dual-WAN port models only: from the WAN Destination IP Address pull-down menu, select the Web server [...]
-
Page 140
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-26 Firewall Protection v1.0, January 2010 Outbound Rules Example Outbound rules let you prevent users from using applications such as Instant Messenger, Real Audio, or other non-essential sites. LAN WAN Outbound Rule: Blocking Instant Messenger If you want to block Instant[...]
-
Page 141
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-27 v1.0, January 2010 Configuring Other Firewall Features You can configure attack checks, set session limits, and manage the Application Level Gateway (ALG) for SIP sessions. Attack Checks The Attack Checks screen allows you to specify whether or not [...]
-
Page 142
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-28 Firewall Protection v1.0, January 2010 2. Click the Attack Checks submenu tab. The Attack Checks screen displays. 3. Enter the settings as explained in Table 5-4. Figure 5-16 Table 5-4. Attack Checks Settings Setting Description (or Subfield and Description) WAN [...]
-
Page 143
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-29 v1.0, January 2010 4. Click Apply to save your settings. LAN Security Checks. Block UDP flood Select the Block UDP flood checkbox to prevent the UTM from accepting more than 20 simultaneous, active UDP connections from a single device on the LAN. By def[...]
-
Page 144
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-30 Firewall Protection v1.0, January 2010 Setting Session Limits Session limits allow you to specify the total number of sessions that are allowed, per user, over an IP connection across the UTM. The Session Limit feature is disabled by default. To enable and configure t[...]
-
Page 145
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-31 v1.0, January 2010 5. Click Apply to save your settings. Managing the Application Level Gateway for SIP Sessions The Application Level Gateway (ALG) facilitates multimedia sessions such as voice over IP (VoIP) sessions that use the Session Initiation[...]
-
Page 146
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-32 Firewall Protection v1.0, January 2010 3. Select the Enable SIP checkbox. 4. Click Apply to save your settings. Creating Services, QoS Profiles, and Bandwidth Profiles When you create inbound and outbound firewall rules, you use firewall objects such as services, QoS pro[...]
-
Page 147
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-33 v1.0, January 2010 For example, Web servers serve Web pages, time servers serve time and date information, and game hosts serve data about other players’ moves. When a computer on the Internet sends a request for service to a server computer, the[...]
-
Page 148
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-34 Firewall Protection v1.0, January 2010 2. In the Add Customer Service section of the screen, enter the settings as explained in Table 5-6. 3. Click Apply to save your settings. The new custom service is added to the Custom Services table. To edit a service: 1. In [...]
-
Page 149
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-35 v1.0, January 2010 2. Modify the settings that you wish to change (see Table 5-6 on page 5-34). 3. Click Apply to save your changes. The modified service is displayed in the Custom Services table. Creating Quality of Service (QoS) Profiles A quality [...]
-
Page 150
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-36 Firewall Protection v1.0, January 2010 To create a QoS profile: 1. Select Network Security > Firewall Objects from the menu. The Firewall Objects submenu tabs appear, with the Services screen in view. 2. Click the QoS Profiles submenu tab. The QoS Profiles screen dis[...]
-
Page 151
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-37 v1.0, January 2010 5. Click Apply to save your settings. The new QoS profile is added to the List of QoS Profiles table. To edit a QoS profile: 1. In the List of QoS Profiles table, click the Edit table button to the right of the QoS profile that you w[...]
-
Page 152
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-38 Firewall Protection v1.0, January 2010 3. Click Apply to save your changes. The modified QoS profile is displayed in the List of QoS Profiles table. Creating Bandwidth Profiles Bandwidth profiles determine the way in which data is communicated with the hosts. The purpo[...]
-
Page 153
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-39 v1.0, January 2010 The screen displays the List of Bandwidth Profiles table with the user-defined profiles. 3. Under the List of Bandwidth Profiles table, click the Add table button. The Add Bandwidth Profile screen displays. 4. Enter the settings as ex[...]
-
Page 154
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-40 Firewall Protection v1.0, January 2010 5. Click Apply to save your settings. The new bandwidth profile is added to the List of Bandwidth Profiles table. 6. In the Bandwidth Profiles section of the screen, select the Yes radio button under Enable Bandwidth Profiles? (By[...]
-
Page 155
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-41 v1.0, January 2010 Setting a Schedule to Block or Allow Specific Traffic Schedules define the timeframes under which firewall rules may be applied. Three schedules, Schedule 1, Schedule 2 and Schedule 3 can be defined, and any one of these can be s[...]
-
Page 156
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-42 Firewall Protection v1.0, January 2010 • Specific Times. The schedule is active only on specific hours of the selected day or days. To the right of the radio buttons, specify the Start Time and End Time fields (Hour, Minute, AM/PM) during which the schedule is in[...]
-
Page 157
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-43 v1.0, January 2010 2. In the MAC Filtering Enable section, select the Yes radio button. 3. In the same section, select one of the following options from the pull-down menu (next to Policy for MAC Addresses listed below): • Block. Traffic coming fr[...]
-
Page 158
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-44 Firewall Protection v1.0, January 2010 Setting up IP/MAC Bindings IP/MAC Binding allows you to bind an IP address to a MAC address and vice-versa. Some PCs or devices are configured with static addresses. To prevent users from changing their static IP addresses, the IP/M[...]
-
Page 159
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-45 v1.0, January 2010 3. Enter the settings as explained in Table 5-9. Figure 5-27 Table 5-9. IP/MAC Binding Settings Setting Description (or Subfield and Description) Email IP/MAC Violations Do you want to enable E-mail Logs for IP/MAC Binding Viola[...]
-
Page 160
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-46 Firewall Protection v1.0, January 2010 4. Click the Add table button. The new IP/MAC rule is added to the IP/MAC Bindings table. 5. Click Apply to save your changes. To edit an IP/MAC binding: 1. In the IP/MAC Bindings table, click the Edit table button to the right of th[...]
-
Page 161
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-47 v1.0, January 2010 Note these restrictions on port triggering: • Only one PC can use a port triggering application at any time. • After a PC has finished using a port triggering application, there is a short time-out period before the application ca[...]
-
Page 162
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-48 Firewall Protection v1.0, January 2010 3. Click the Add table button. The new port triggering rule is added to the Port Triggering Rules table. To edit a port triggering rule: 1. In the Port Triggering Rules table, click the Edit table button to the right of the [...]
-
Page 163
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-49 v1.0, January 2010 Using the Intrusion Prevention System The Intrusion Prevention System (IPS) of the UTM monitors all network traffic to detect, in real-time, network attacks and port scans and to protect your network from such intrusions. You can se[...]
-
Page 164
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-50 Firewall Protection v1.0, January 2010 When you enable the IPS, the default IPS configuration goes into effect. The default IPS configuration is the configuration that the Advanced (IPS) screen returns to when you click the Reset button. To modify the default IPS co[...]
-
Page 165
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Firewall Protection 5-51 v1.0, January 2010 Figure 5-31[...]
-
Page 166
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 5-52 Firewall Protection v1.0, January 2010 Table 5-11. IPS: Less Familiar Attack Names Attack Name Description (or Subfield and Description) Web web-misc Detects some specific Web attack tools, such as the fingerprinting tool and the password-cracking tool. web-attacks De[...]
-
Page 167
6-1 v1.0, January 2010 Chapter 6 Content Filtering and Optimizing Scans This chapter describes how to apply the content filtering features of the UTM and how to optimize scans to protect your network. This chapter contains the following sections: • “About Content Filtering and Scans” on this page. • “Configuring E-mail Protection” on p[...]
-
Page 168
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 6-2 Content Filtering and Optimizing Scans v1.0, January 2010 Default E-mail and Web Scan Settings For most network environments, the default scan settings and actions that are shown in Table 6-1 work well but you can adjust these to the needs of your specific environ[...]
-
Page 169
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Content Filtering and Optimizing Scans 6-3 v1.0, January 2010 Configuring E-mail Protection The UTM lets you configure the following settings to protect the network’s e-mail communication: • The e-mail protocols that are scanned for malware threats. • Actions that are t[...]
-
Page 170
Customizing E-mail Protocol Scan Settings
To configure the e-mail protocols and ports to scan:
1. Select Application Security > Services from the menu. The Services screen displays (Figure 6-1 shows the upper p[...]
-
Page 171
Customizing E-mail Anti-Virus and Notification Settings
Whether or not the UTM detects an e-mail virus, you can configure it to take a variety of actions (some of the default actions are listed in Table 6-1 on pag[...]
-
Page 172
2. Enter the settings as explained in Table 6-2.
Table 6-2. E-mail Anti-Virus and Notification Settings
Setting Description (or Subfield and Description)
Action
SMTP From the SMTP pull-down menu, specif[...]
-
Page 173
Append Safe Stamp (SMTP and POP3) For SMTP and POP3 e-mail messages, select this checkbox to insert a default safe stamp message at the end of an e-mail. The safe stamp insertion serves as a security confirmation t[...]
-
Page 174
3. Click Apply to save your settings.
E-mail Content Filtering
The UTM provides several options to filter unwanted content from e-mails. You can filter content from e-mails based on keywords in the subject line, [...]
-
Page 175
To configure e-mail content filtering:
1. Select Application Security > Email Filters from the menu. The Email Filters screen displays.
Figure 6-3[...]
-
Page 176
2. Enter the settings as explained in Table 6-3.
Table 6-3. E-mail Filter Settings
Setting Description (or Subfield and Description)
Filter by Subject Keywords
Keywords Enter keywords that should be detect e[...]
-
Page 177
3. Click Apply to save your settings.
Protecting Against E-mail Spam
The UTM integrates multiple anti-spam technologies to provide comprehensive protection against unwanted e-mail. You can enable all or a comb [...]
-
Page 178
3. Real-time blacklist. E-mails from known spam sources that are collected by blacklist providers are blocked.
4. Distributed Spam Analysis. E-mails that are detected as spam by the NETGEAR Spam Classification Ce[...]
-
Page 179
To configure the whitelist and blacklist:
1. Select Application Security > Anti-Spam from the menu. The Anti-Spam submenu tabs appear, with the Whitelist/Blacklist screen in view.
Figure 6-4[...]
-
Page 180
2. Enter the settings as explained in Table 6-3.
Configuring the Real-time Blacklist
Blacklist providers are organizations that collect IP addresses of verified open SMTP relays that might be used by spammers [...]
-
Page 181
blacklist providers and are made available to the public in the form of real-time blacklists (RBLs). By accessing these RBLs, the UTM can block spam originating from known spam sources. By default, the UTM comes wi[...]
-
Page 182
2. Click the Add table button in the Add column. The new blacklist provider is added to the real-time blacklist, and it is disabled by default.
To delete a blacklist provider from the real-time blacklist:
1. In [...]
-
Page 183
3. Enter the settings as explained in Table 6-5.
Figure 6-6
Table 6-5. Distributed Spam Analysis Settings
Setting Description (or Subfield and Description)
Distributed Spam Analysis
SMTP Select the SMTP ch[...]
-
Page 184
4. Click Apply to save your settings.
The Distributed Spam Analysis section and the Anti-Spam Engine Settings section each have their own Apply and Reset buttons to enable you to make changes to these sections separ[...]
-
Page 185
Configuring Web and Services Protection
The UTM lets you configure the following settings to protect the network’s Internet and Web services communication:
• The Web protocols, instant messaging services, a[...]
-
Page 186
2. Enter the settings as explained in Table 6-5.
Figure 6-7
Table 6-6. Web Protocol, Instant Messaging, and Peer-to-Peer Settings
Setting Description (or Subfield and Description)
Web
HTTP Select the [...]
-
Page 187
3. Click Apply to save your settings.
Configuring Web Malware Scans
Whether or not the UTM detects Web-based malware threats, you can configure it to take a variety of actions (some of the default actions are list[...]
-
Page 188
2. Enter the settings as explained in Table 6-2.
Figure 6-8
Table 6-7. Malware Scan Settings
Setting Description (or Subfield and Description)
Action
HTTP and HTTPS Action From the HTTP or HTTPS pull-down m[...]
-
Page 189
3. Click Apply to save your settings.
Configuring Web Content Filtering
If you want to restrict internal LAN users from access to certain types of information and objects on the Internet, use the UTM’s content f[...]
-
Page 190
Several types of Web content blocking are available:
• File extension blocking. You can block files based on their extension. Such files can include executable files, audio and video files, and compressed [...]
-
Page 191
To configure Web content filtering:
1. Select Application Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs appear, with the Malware Scan screen in view.
2. Click the Content Filtering subme[...]
-
Page 192
Figure 6-10 [Content Filtering, screen 2 of 3][...]
-
Page 193
3. Enter the settings as explained in Table 6-8 on page 6-28.
Figure 6-11 [Content Filtering, screen 3 of 3][...]
-
Page 194
Table 6-8. Content Filtering Settings
Setting Description (or Subfield and Description)
Content Filtering
Log HTTP Traffic Select this checkbox to log HTTP traffic. For information about how to view the logge[...]
-
Page 195
Select the Web Categories You Wish to Block
Select the Enable Blocking checkbox to enable blocking of Web categories. By default, this checkbox is deselected. Select the checkboxes of any Web categories that you [...]
-
Page 196
4. Click Apply to save your settings.
Configuring Web URL Filtering
If you want to allow or block internal LAN users from access to certain sites on the Internet, use the UTM’s Web URL filtering. You can creat[...]
-
Page 197
To configure Web URL filtering:
1. Select Application Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs appear, with the Malware Scan screen in view.
2. Click the URL Filtering submenu tab. [...]
-
Page 198
3. Enter the settings as explained in Table 6-9.
Table 6-9. URL Filtering Settings
Setting Description (or Subfield and Description)
Whitelist
Enable Select this checkbox to bypass scanning of the URLs that[...]
-
Page 199
4. Click Apply to save your settings.
URL This field contains the URLs that are blocked. To add a URL to this field, use the Add URL field or the Import from File tool (see below). You can add a maximum of 200 URL[...]
-
Page 200
HTTPS Scan Settings
HTTPS traffic is encrypted traffic that cannot be scanned; otherwise the data stream would not be secure. However, the UTM can scan HTTPS traffic that is transmitted through an HTTP proxy, th[...]
-
Page 201
If one of these is not satisfied, a security alert message appears in the browser window (see Figure 6-14). However, even when a certificate is trusted or still valid, or when the name of a certificate does matc[...]
-
Page 202
To configure the HTTPS scan settings:
1. Select Application Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs appear, with the Malware Scan screen in view.
2. Click the HTTPS Settings submenu[...]
-
Page 203
4. Click Apply to save your settings.
Specifying Trusted Hosts
You can specify trusted hosts for which the UTM bypasses HTTPS traffic scanning and security certificate authentication. The security certificate [...]
-
Page 204
Note that certain sites contain elements from different HTTPS hosts. As an example, assume that the https://example.com site contains HTTPS elements from the following three hosts:
• trustedhostserver1.exampl[...]
-
Page 205
3. Enter the settings as explained in Table 6-11.
4. Click Apply to save your settings.
Configuring FTP Scans
Some malware threats are specifically developed to spread through the FTP protocol. By default, t[...]
-
Page 206
To configure the FTP scan settings:
1. Select Application Security > FTP from the menu. The FTP screen displays.
2. Enter the settings as explained in Table 6-12.
Figure 6-17
Table 6-12. FTP Scan Setting[...]
-
Page 207
3. Click Apply to save your settings.
Setting Web Access Exceptions and Scanning Exclusions
After you have specified which content the UTM filters, you can set exception rules for users of certain LAN groups. Sim[...]
-
Page 208
To set Web access exception rules:
1. Select Application Security > Block/Accept Exceptions from the menu. The Block/Accept Exceptions screen displays. This screen shows the Exceptions table, which is empty if [...]
-
Page 209
3. Enter the settings as explained in Table 6-13.
4. Click Apply to save your settings. The new exception rule is added to the Exceptions table.
5. Select the checkbox to the left of the rule that you want[...]
-
Page 210
2. Modify the settings that you wish to change (see Table 6-13 on page 6-43).
3. Click Apply to save your changes. The modified exception rule is displayed in the Exceptions table.
To delete or disable one or[...]
-
Page 211
2. In the Add Scanning Exclusions section of the screen, specify an exclusion rule as explained in Table 6-14.
3. In the Add column, click the Add table button to add the exclusion rule to the Scanning Excl[...]
-
Page 212
ProSecure Unified Threat Management (UTM) Appliance Reference Manual 6-46 Content Filtering and Optimizing Scans v1.0, January 2010[...]
-
Page 213
Chapter 7
Virtual Private Networking Using IPsec Connections
This chapter describes how to use the IP security (IPsec) virtual private networking (VPN) features of the UTM to provide secure, encrypted communications between your local network and a remote network or computer. This chapter contains the following sections: [...]
-
Page 214
See “Virtual Private Networks (VPNs)” on page B-9 for more information about the IP addressing requirements for VPNs in the dual WAN modes. For information about how to select and configure a dyn[...]
-
Page 215
Using the IPsec VPN Wizard for Client and Gateway Configurations
You can use the IPsec VPN Wizard to configure multiple gateway or client VPN tunnel policies. The section below provides wizard and NETG[...]
-
Page 216
Creating Gateway-to-Gateway VPN Tunnels with the Wizard
To set up a gateway-to-gateway VPN tunnel using the VPN Wizard:
1. Select VPN > IPsec VPN from the menu. The IPsec VPN submenu tabs appear,[...]
-
Page 217
To view the wizard default settings, click the VPN Wizard Default Values option arrow at the top right of the screen. A popup window appears (see Figure 7-5 on page 7-6) displaying the wizard default v[...]
-
Page 218
3. Select the radio buttons and complete the fields as explained in Table 7-2.
Figure 7-5
Table 7-2. (IPsec) VPN Wizard Settings for a Gateway-to-Gateway Tunnel
Setting Description (or Subf [...]
-
Page 219
This VPN tunnel will use following local WAN Interface (dual-WAN port models only) For the dual-WAN port models only, select one of the two radio buttons (WAN1 or WAN2) to specify which lo[...]
-
Page 220
4. Click Apply to save your settings. The IPsec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen. By default, the VPN policy is enabled.
5. Configure a VPN policy on th[...]
-
Page 221
Creating a Client to Gateway VPN Tunnel
Follow the steps in the following sections to configure a VPN client tunnel:
• “Using the VPN Wizard Configure the Gateway for a Client Tunnel” on page [...]
-
Page 222
To display the wizard default settings, click the VPN Wizard Default Values option arrow at the top right of the screen. A popup window appears (see Figure 7-5 on page 7-6), displaying the wizard d[...]
-
Page 223
3. Select the radio buttons and complete the fields as explained in Table 7-3.
Table 7-3. (IPsec) VPN Wizard Settings for a Client-to-Gateway Tunnel
Setting Description (or Subfield and De[...]
-
Page 224
4. Click Apply to save your settings. The IPsec VPN policy is now added to the List of VPN Policies table on the VPN Policies screen. By default, the VPN policy is enabled.
Using the NETGEAR VPN Client[...]
-
Page 225
2. In the upper left of the Policy Editor window, click the New Connection icon (the first icon on the left) to open a new connection. Give the new connection a name; in this example, we are using UTM_[...]
-
Page 226
3. Enter the settings as explained in Table 7-4.
4. Click on the disk icon to save the configuration, or select File > Save from the Security Policy Editor menu.
Table 7-4. Security Policy Edi[...]
-
Page 227
5. In the left frame, click My Identity. The screen adjusts.
6. Enter the settings as explained in Table 7-5.
Figure 7-13
Table 7-5. Security Policy Editor: My Identity Settings
Setting Descripti[...]
-
Page 228
7. Click on the disk icon to save the configuration, or select File > Save from the Security Policy Editor menu.
8. In the left frame, click Security Policy. The screen adjusts.
ID Type From the pu[...]
-
Page 229
9. Enter the settings as explained in Table 7-6.
10. Click on the disk icon to save the configuration, or select File > Save from the Security Policy Editor menu.
11. Close the VPN ProSafe VPN cl[...]
-
Page 230
In the example that is shown in Figure 7-15, you should receive the message “Successfully connected to My ConnectionsUTM_SJ” within 30 seconds. The VPN client icon in the system tray should say O[...]
-
Page 231
• Right-click the VPN Client icon in the system tray and select Connection Monitor.
Figure 7-16
Figure 7-17[...]
-
Page 232
The VPN client system tray icon provides a variety of status indications, which are listed below.
Viewing the UTM IPsec VPN Connection Status
To review the status of current IPsec VPN tunnels:
1.[...]
-
Page 233
The Active IPsec SAs table lists each active connection with the information that is described in Table 7-8. The default poll interval is 5 seconds. To change the poll interval period, enter a ne[...]
-
Page 234
Managing IPsec VPN Policies
After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy are stored in separate policy tables. The name that you selected as the VPN tunnel [...]
-
Page 235
Managing IKE Policies
The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN gateways, and provides automatic management of the keys that are used for IPsec connections. I[...]
-
Page 236
Each policy contains the data that are explained in Table 7-9. These fields are explained in more detail in Table 7-10 on page 7-27.
To delete one or more IKE policies:
1. Select the checkbox t[...]
-
Page 237
To add or edit an IKE policy, see “Manually Adding or Editing an IKE Policy” on this page.
Manually Adding or Editing an IKE Policy
To manually add an IKE policy:
1. Select VPN > IPSec VPN from the[...]
-
Page 238
Figure 7-21[...]
-
Page 239
3. Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained in Table 7-10.
Table 7-10. Add IKE Policy Settings
Item Description (or Subfield and[...]
-
Page 240
Local
Select Local Gateway (dual-WAN port models only) For the dual-WAN port models only, select a radio button to specify the WAN1 or WAN2 interface.
Identifier Type From the pull-down menu, sele[...]
-
Page 241
Authentication Algorithm From the pull-down menu, select one of the following two algorithms to use in the VPN header for the authentication process:
• SHA-1. Hash algorithm that produces a 160-bit d[...]
-
Page 242
4. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table.
To edit an IKE policy:
1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs appear wi[...]
-
Page 243
4. Click Apply to save your changes. The modified IKE policy is displayed in the List of IKE Policies table.
Managing VPN Policies
You can create two types of VPN policies. When you use the VPN Wizard [...]
-
Page 244
2. Click the VPN Policies submenu tab. The VPN Policies screen displays. (Figure 7-22 shows some examples.)
Each policy contains the data that are explained in Table 7-11. These fields are expla[...]
-
Page 245
To delete one or more VPN policies:
1. Select the checkbox to the left of the policy that you want to delete or click the Select All table button to select all VPN policies.
2. Click the Delete table bu[...]
-
Page 246
Figure 7-23[...]
-
Page 247
4. Complete the fields, select the radio buttons and checkboxes, and make your selections from the pull-down menus as explained in Table 7-12.
Table 7-12. Add VPN Policy Settings
Item Descriptio[...]
-
Page 248
Traffic Selection
Local IP From the pull-down menu, select the address or addresses that are part of the VPN tunnel on the UTM:
• Any. All PCs and devices on the network. Note: You cannot select[...]
-
Page 249
Integrity Algorithm From the pull-down menu, select one of the following two algorithms to be used in the VPN header for the authentication process:
• SHA-1. Hash algorithm that produces a 160-bit d[...]
-
Page 250
5. Click Apply to save your settings. The VPN policy is added to the List of VPN Policies table.
To edit a VPN policy:
1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs appear with[...]
-
Page 251
You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH are available:
• Edge Device. The UTM is used as a VPN concentrator on which one or more gateway tunnels termina[...]
-
Page 252
4. Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained in Table 7-13.
5. Click Apply to save your settings.
User Database Configuration
W[...]
-
Page 253
server in the network when a user requests access to network resources. During the establishment of a VPN connection, the VPN gateway can interrupt the process with an XAUTH request. At that point, the [...]
-
Page 254
3. Complete the fields and select the radio buttons as explained in Table 7-14.
4. Click Apply to save your settings.
Table 7-14. RADIUS Client Settings
Item Description (or Subfield and Des[...]
-
Page 255
Assigning IP Addresses to Remote Users (Mode Config)
To simplify the process of connecting remote VPN clients to the UTM, use the Mode Config feature to assign IP addresses to remote users, including a[...]
-
Page 256
2. Click the Mode Config submenu tab. The Mode Config screen displays.
As an example, the screen shows two Mode Config records with the names EMEA Sales and NA Sales:
• For EMEA Sales, a first pool ([...]
-
Page 257
4. Complete the fields, select the checkbox, and make your selections from the pull-down menus as explained in Table 7-15.
Figure 7-26
Table 7-15. Add Mode Config Record Settings
Item Description[...]
-
Page 258
WINS Server If there is a WINS server on the local network, enter its IP address in the Primary field. You can enter the IP address of a second WINS server in the Secondary field.
DNS Server Enter the[...]
-
Page 259
5. Click Apply to save your settings. The new Mode Config record is added to the List of Mode Config Records table.
Continue the Mode Config configuration procedure by configuring an IKE policy.
6. Sel[...]
-
Page 260
8. On the Add IKE Policy screen, complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained in Table 7-16. Note: The settings that are explained[...]
-
Page 261
Remote Identifier Type From the pull-down menu, select FQDN. Note: Mode Config requires that the remote end is defined by a FQDN. Identifier Enter the FQDN for the remote end. This must be a FQDN th[...]
-
Page 262
9. Click Apply to save your settings. The IKE policy is added to the List of IKE Policies table. Configuring the ProSafe VPN Client for Mode Config Operation From a client PC running NETGEAR ProSafe VP[...]
-
Page 263
2. In the upper left of the Policy Editor window, click the New Connection icon (the first icon on the left) to open a new connection. Give the new connection a name; in this example, we are using Mode[...]
-
Page 264
4. Click on the disk icon to save the configuration, or select File > Save from the Security Policy Editor menu. Use Select the Use checkbox. Then, from the pull-down menu, select Secure Gateway Tu[...]
-
Page 265
5. In the left frame, click My Identity. The screen adjusts. 6. Enter the settings as explained in Table 7-18. Figure 7-29 Table 7-18. Security Policy Editor: My Identity, Mode Config Settings[...]
-
Page 266
7. Click on the disk icon to save the configuration, or select File > Save from the Security Policy Editor menu. 8. In the left frame, click Security Policy. The screen adjusts. ID Type From the pu[...]
-
Page 267
9. Enter the settings as explained in Table 7-19. 10. Click on the disk icon to save the configuration, or select File > Save from the Security Policy Editor menu. 11. Close the VPN ProSafe VPN[...]
-
Page 268
Configuring Keepalives The Keepalive feature maintains the IPSec SA by sending periodic ping requests to a host across the tunnel and monitoring the replies. To configure the Keepalive feature on a [...]
-
Page 269
4. Enter the settings as explained in Table 7-20. 5. Click Apply to save your settings. Configuring Dead Peer Connection The Dead Peer Detection (DPD) feature maintains the IKE SA by exchanging p[...]
-
Page 270
3. In the IKE SA Parameters section of the screen, locate the DPD fields. 4. Select the radio button and complete the fields as explained in Table 7-21. 5. Click Apply to save your settings. Figure [...]
-
Page 271
Configuring NetBIOS Bridging with IPsec VPN Windows networks use the Network Basic Input/Output System (NetBIOS) for several basic network services such as naming and neighborhood device discovery. B[...]
-
Page 272
-
Page 273
Chapter 8 Virtual Private Networking Using SSL Connections The UTM provides a hardware-based SSL VPN solution designed specifically to provide remote access for mobile users to their corporate resources, bypassing the need for a pre-installed VPN client on their computers. Using the familiar Secure Sockets Layer (SSL) proto[...]
-
Page 274
• SSL Port Forwarding. Like an SSL VPN tunnel, port forwarding is a Web-based client that installs transparently and then creates a virtual, encrypted tunnel to the remote network. However, port forw[...]
-
Page 275
The following sections explain the five configuration screens of the SSL VPN Wizard. On the sixth screen, you can save your SSL VPN policy. The tables in the following sections explain the buttons and fie[...]
-
Page 276
Note: If you leave the Portal Layout Name field blank, the SSL VPN Wizard uses the default portal layout SSL-VPN. You must enter a name other than SSL VPN in the Portal Layout Name field so the SSL VPN W[...]
-
Page 277
SSL VPN Wizard Step 2 of 6: Domain Settings HTTP meta tags for cache control (recommended) Select this checkbox to apply HTTP meta tag cache control directives to this portal layout. Cache control directive[...]
-
Page 278
Note that Figure 8-3 contains some examples. Enter the settings as explained in Table 8-2, then click Next to go to the following screen. Note: If you leave the Domain Name field blank, the SSL VPN Wiz[...]
-
Page 279
SSL VPN Wizard Step 3 of 6: User Settings Note that Figure 8-4 contains some examples. Enter the settings as explained in Table 8-3 on page 8-8, then click Next to go to the following screen. Portal T[...]
-
Page 280
Note: After you have completed the steps in the SSL VPN Wizard, you can make changes to the user settings by selecting Users > Users. For more information about user settings, see “Configuring User Ac[...]
-
Page 281
SSL VPN Wizard Step 4 of 6: Client IP Address Range and Routes Note that Figure 8-5 contains some examples. Enter the settings as explained in Table 8-4 on page 8-10, then click Next to go to the fol[...]
-
Page 282
Table 8-4. SSL VPN Wizard Step 4: Client IP Address Range and Routes Settings Item Description (or Subfield and Description) Client IP Address Range Enable Full Tunnel Support Select this checkbox to e[...]
-
Page 283
SSL VPN Wizard Step 5 of 6: Port Forwarding Note that Figure 8-6 contains some examples. Enter the settings as explained in Table 8-5, then click Next to go to the following screen. Figure 8-6 Note: [...]
-
Page 284
TCP Port Number Action The TCP port number of the application that is accessed through the SSL VPN tunnel. Below are some commonly used TCP applications and port numbers. FTP Data (usually not needed) 20 F[...]
-
Page 285
SSL VPN Wizard Step 6 of 6: Verify and Save Your Settings Figure 8-7[...]
-
Page 286
Verify your settings; if you need to make any changes, click the Back action button (if needed several times) to return to the screen on which you want to make changes. Click Apply to save your settings. I[...]
-
Page 287
4. Enter the user name and password that you just created with the help of the SSL VPN Wizard. 5. Click Login. The default User Portal screen displays. Figure 8-8 Figure 8-9[...]
-
Page 288
The default User Portal screen displays a simple menu that provides the SSL user with the following menu selections: • VPN Tunnel. Provides full network connectivity. • Port Forwarding. Provides acc[...]
-
Page 289
3. From the Log Type pull-down menu, select SSL VPN. The SSL VPN logs display. Manually Configuring and Editing SSL Connections To manually configure and activate SSL connections, perform the followin[...]
-
Page 290
When you define the SSL VPN policies that determine network resource access for your SSL VPN users, you can define global policies, group policies, or individual policies. Because you must assign an au[...]
-
Page 291
Portal layouts are applied by selecting one from the available portal layouts in the configuration of a domain. When you have completed your portal layout, you can apply the portal layout to one or more[...]
-
Page 292
The List of Layouts table displays the following fields: • Layout Name. The descriptive name of the portal. • Description. The banner message that is displayed at the top of the portal (see Figure 8[...]
-
Page 293
4. Complete the fields and select the checkboxes as explained in Table 8-6. Table 8-6. Add Portal Layout Settings Item Description (or Subfield and Description) Portal Layout and Theme Name[...]
-
Page 294
5. Click Apply to save your settings. The new portal layout is added to the List of Layouts table. To display the new portal layout. Configuring Domains, Groups, and Users Remote users connecting to the[...]
-
Page 295
Adding Servers and Port Numbers To configure port forwarding, you must define the IP addresses of the internal servers and the port number for TCP applications that are available to remote users. To ad[...]
-
Page 296
4. Click the Add table button. The new application entry is added to the List of Configured Applications for Port Forwarding table. Remote users can now securely access network applications once they have[...]
-
Page 297
3. In the Add New Host Name for Port Forwarding section of the screen, specify information in the following fields: • Local Server IP Address. The IP address of an internal server or host computer that [...]
-
Page 298
• If you enable split tunnel support and you assign an entirely different subnet to the VPN tunnel clients than the subnet that is used by the local network, you must add a client route to ensure that a [...]
-
Page 299
3. Select the checkbox and complete the fields as explained in Table 8-8. 4. Click Apply to save your settings. VPN tunnel clients are now able to connect to the UTM and receive a virtual IP address in[...]
-
Page 300
To add an SSL VPN tunnel client route: 1. Select VPN > SSL VPN from the menu. The SSL VPN's submenu tabs appear, with the Policies screen in view. 2. Click the SSL VPN Client submenu tab. The SSL VP[...]
-
Page 301
Adding New Network Resources To define a network resource: 1. Select VPN > SSL VPN from the menu. The SSL VPN's submenu tabs appear, with the Policies screen in view. 2. Click the Resources submenu[...]
-
Page 302
Editing Network Resources to Specify Addresses 1. Select VPN > SSL VPN from the menu. The SSL VPN's submenu tabs appear, with the Policies screen in view. 2. Click the Resources submenu tab. The Reso[...]
-
Page 303
5. Click Apply to save your settings. The new configuration is added to the Defined Resource Addresses table. To delete a configuration from the Defined Resource Addresses table, click the Delete table bu[...]
-
Page 304
For example, a policy that is configured for a single IP address takes precedence over a policy that is configured for a range of addresses. And a policy that applies to a range of IP addresses takes pr[...]
-
Page 305
2. Make your selection from the following Query options: • Click Global to view all global policies. • Click Group to view group policies, and choose the relevant group’s name from the pull-do[...]
-
Page 306
3. Select the radio buttons, complete the fields, and make your selection from the pull-down menus as explained in Table 8-10. Figure 8-19 Table 8-10. Add Policy Settings Item Description (o[...]
-
Page 307
Add SSL VPN Policies Apply Policy For Select one of the following radio buttons to specify how the policy is applied: • Network Resource. The policy is applied to a network resource that you have defin[...]
-
Page 308
Apply Policy For (continued) IP Network Policy Name A descriptive name of the SSL VPN policy for identification and management purposes. IP Address The network IP address to which the SSL VPN policy is ap[...]
-
Page 309
4. Click Apply to save your settings. The policy is added to the List of SSL VPN Policies table on the Policies screen. The new policy goes into effect immediately. Note: In addition to configuring SSL[...]
-
Page 310
-
Page 311
Chapter 9 Managing Users, Authentication, and Certificates This chapter describes how to manage users, authentication, and security certificates for IPsec VPN and SSL VPN. This chapter contains the following sections: • “Configuring VPN Authentication Domains, Groups, and Users” on this page. • “Managing Digita[...]
-
Page 312
Configuring Domains The domain determines the authentication method to be used for associated users. For SSL connections, the domain also determines the portal layout that is presented, which in turn dete[...]
-
Page 313
To create a domain: 1. Select Users > Domains from the menu. The Domains screen displays. Figure 9-1 shows the UTM’s default domain—geardomain—and, as an example, another domain in the List of D[...]
-
Page 314
2. Under the List of Domains table, click the Add table button. The Add Domain screen displays. 3. Enter the settings as explained in Table 9-2. Figure 9-2 Table 9-2. Add Domain Settings Setting Desc[...]
-
Page 315
4. Click Apply to save your settings. The domain is added to the List of Domains table. 5. If you use local authentication, make sure that it is not disabled: select the No radio button in the Local Authen[...]
-
Page 316
6. If you change local authentication, click Apply in the Domain screen to save your settings. To delete one or more domains: 1. In the List of Domains table, select the checkbox to the left of the domain[...]
-
Page 317
Creating and Deleting Groups To create a VPN group: 1. Select Users > Groups from the menu. The Groups screen displays. Figure 9-3 shows the UTM’s default group—geardomain—and, as an example, s[...]
-
Page 318
3. Click the Add table button. The new group is added to the List of Groups table. To delete one or more groups: 1. In the List of Groups table, select the checkbox to the left of the group that you want t[...]
-
Page 319
3. Modify the idle timeout period in minutes in the Idle Timeout field. For a group that is associated with a domain that uses the LDAP authentication method, configure the LDAP attributes (in fields 1 t[...]
-
Page 320
To create an individual user account: 1. Select Users > Users from the menu. The Users screen displays. Figure 9-5 shows the UTM’s default users—admin and guest—and, as an example, several othe[...]
-
Page 321
3. Enter the settings as explained in Table 9-4. Figure 9-6 Table 9-4. Add User Settings Setting Description (or Subfield and Description) User Name A descriptive (alphanumeric) name of the user f[...]
-
Page 322
4. Click Apply to save your settings. The user is added to the List of Users table. To delete one or more users: 1. In the List of Users table, select the checkbox to the left of the user that you want to[...]
-
Page 323
4. Click Apply to save your settings. Configuring Login Restrictions Based on IP Address To restrict logging in based on IP address: 1. Select Users > Users from the menu. The Users screen displays (s[...]
-
Page 324
4. In the Defined Addresses Status section of the screen, select one of the following radio buttons: • Deny Login from Defined Addresses. Deny logging in from the IP addresses in the Defined Addresse[...]
-
Page 325
3. Click the by Client Browser submenu tab. The by Client Browser screen displays. Figure 9-9 shows a browser in the Defined Browsers table as an example. 4. In the Defined Browsers Status section of t[...]
-
Page 326
7. Click the Add table button. The browser is added to the Defined Browsers table. 8. Repeat step 6 and step 7 for any other browsers that you want to add to the Defined Browsers table. To delete one o[...]
-
Page 327
3. Enter the settings as explained in Table 9-6. 4. Click Apply to save your settings. Managing Digital Certificates The UTM uses digital certificates (also known as X.509 certificates) during the [...]
-
Page 328
On the UTM, the uploaded digital certificate is checked for validity and purpose. The digital certificate is accepted when it passes the validity test and the purpose matches its use. The check for the p[...]
-
Page 329
The Certificates screen contains four tables that are explained in detail in the following sections: • Trusted Certificates (CA Certificate) table. Contains the trusted digital certificates that were[...]
-
Page 330
The Trusted Certificates (CA Certificates) table lists the digital certificates of CAs and contains the following fields: • CA Identity (Subject Name). The organization or person to whom the digital c[...]
-
Page 331
When a security alert is generated, the user can decide whether or not to trust the host. Generating a CSR and Obtaining a Self Certificate from a CA To use a self certificate, you must first request t[...]
-
Page 332
2. In the Generate Self Certificate Request section of the screen, enter the settings as explained in Table 9-7. Figure 9-13 [Certificates, screen 2 of 3] Table 9-7. Generate Self Certificate Requ[...]
-
Page 333
3. Click the Generate table button. A new SCR is created and added to the Self Certificate Requests table. 4. In the Self Certificate Requests table, click the View table button in the Action column to [...]
-
Page 334
5. Copy the contents of the Data to supply to CA text box into a text file, including all of the data contained from “----BEGIN CERTIFICATE REQUEST---” to “---END CERTIFICATE REQUEST---”. 6. [...]
-
Page 335
10. Click Browse and navigate to the digital certificate file from the CA that you just stored on your computer. 11. Click the Upload table button. If the verification process on the UTM approves the d[...]
-
Page 336
To view the currently-loaded CRLs and upload a new CRL: 1. Select VPN > Certificates from the menu. The Certificates screen displays. Figure 9-15 shows the bottom section of the screen with Certificat[...]
-
Page 337
Chapter 10 Network and System Management This chapter describes the tools for managing the network traffic to optimize its performance and the system management features of the UTM. This chapter contains the following sections: • “Performance Management” on this page. • “System Management” on page 10-9. Pe[...]
-
Page 338
• Auto-rollover mode (dual-WAN port models only): 1.5 Mbps (one active WAN port at 1.5 Mbps) • Single-WAN port mode (single-WAN port models and dual-WAN port models): 1.5 Mbps (one active WAN port at 1.5 Mbps) [...]
-
Page 339
• ALLOW by schedule, otherwise block The section below summarizes the various criteria that you can apply to outbound rules in order to reduce traffic. For more information about outbound rules, see “Outbound Rules (S[...]
-
Page 340
• QoS Profile. You can define QoS profiles and then apply them to outbound rules to regulate the priority of traffic. To define QoS profiles, see “Creating Quality of Service (QoS) Profiles” on page 5-35. • Ban[...]
-
Page 341
– URL blocking. You can specify up to 200 URLs that are blocked by the UTM. For more information, see “Configuring Web URL Filtering” on page 6-30. – Web services blocking. You can block Web services such a[...]
-
Page 342
LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding) The LAN WAN Rules screen and the DMZ WAN Rules screen list all existing rules for inbound traffic (from WAN to LAN and from WAN to the DMZ). If you h[...]
-
Page 343
– Address range. The rule is applied to a range of addresses. – Groups. The rule is applied to a group of PCs. (You can configure groups for LAN WAN outbound rules but not for DMZ WAN outbound rules.) The Known PCs[...]
-
Page 344
e-mail server) and provide public access to them. The fourth LAN port on the UTM (the rightmost LAN port) can be dedicated as a hardware DMZ port to safely provide services to the Internet without compromising security on y[...]
-
Page 345
For more information about QoS profiles, see “Creating Quality of Service (QoS) Profiles” on page 5-35. Assigning Bandwidth Profiles By applying a QoS profile, the WAN bandwidth does not change. You change the W[...]
-
Page 346
To modify the administrator user account settings, including the password: 1. Select Users > Users from the menu. The Users screen displays. Figure 10-1 shows the UTM’s default users—admin and guest—and, as an[...]
-
Page 347
3. Select the Check to Edit Password checkbox. The password fields become active. 4. Enter the old password, enter the new password, and then confirm the new password. 5. As an option, you can change the idle timeout fo[...]
-
Page 348
Configuring Remote Management Access An administrator can configure, upgrade, and check the status of the UTM over the Internet via a Secure Sockets Layer (SSL) VPN connection. To configure the UTM for remote management:[...]
-
Page 349
Network and System Management 10-13
4. Click Apply to save your changes. When remote management is enabled, you must use an SSL connection to access the UTM from the Internet. You must enter https:// (not http://) and type the UTM’s WAN IP address in y[...]
-
Page 350
10-14 Network and System Management
Using an SNMP Manager Simple Network Management Protocol (SNMP) forms part of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). SNMP is used in network management systems to monitor ne[...]
-
Page 351
Network and System Management 10-15
2. Enter the settings as explained in Table 10-1. 3. Click Apply to save your settings. Managing the Configuration File The configuration settings of the UTM are stored in a configuration file on the UTM. This file can [...]
-
Page 352
10-16 Network and System Management
The Backup & Restore Settings screen lets you: • back up and save a copy of the current settings • restore saved settings from the backed-up file • revert to the factory default settings. To display the Backup &[...]
-
Page 353
Network and System Management 10-17
2. Select Save file, and then click OK. 3. Open the folder where you have saved the backup file, and then verify that it has been saved successfully. Note the following: • If your browser is not configured to save [...]
-
Page 354
10-18 Network and System Management
Reverting to Factory Default Settings To reset the UTM to the original factory default settings, you can use one of the following two methods: • Using a sharp object, press and hold the Reset button on the rear panel of[...]
-
Page 355
Network and System Management 10-19
Viewing the Available Firmware Versions To view the current version of the firmware that your UTM is running and the other available firmware versions: 1. Select Administration > System Update from the menu. The Sy[...]
-
Page 356
10-20 Network and System Management
3. To see which other firmware versions are available, click Query under the Firmware Download section to allow the UTM to connect to the NETGEAR update server. The Firmware Download section shows the available firmware[...]
-
Page 357
Network and System Management 10-21
Rebooting Without Changing the Firmware To reboot the UTM without changing the firmware: 1. In the Firmware Reboot section of the Firmware screen (see Figure 10-6 on page 10-19), select the active firmware version by clic[...]
-
Page 358
10-22 Network and System Management
The Info section shows the following information fields for the scan engine firmware and pattern file: • Current Version. The version of the files. • Last Updated. The date of the most recent update. To immediatel[...]
-
Page 359
Network and System Management 10-23
Configuring Automatic Update and Frequency Settings To configure the update settings and frequency settings for automatic downloading of the scan engine firmware and pattern file: 1. Locate the Update Settings, Frequenc[...]
-
Page 360
10-24 Network and System Management
Configuring Date and Time Service Configure date, time and NTP server designations on the System Date & Time screen. Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times in a [...]
-
Page 361
Network and System Management 10-25
3. Click Apply to save your settings. Automatically Adjust for Daylight Savings Time If daylight savings time is supported in your region, select the Automatically Adjust for Daylight Savings Time checkbox. NTP Server (de[...]
-
Page 362
10-26 Network and System Management
[...]
-
Page 363
11-1
Chapter 11 Monitoring System Access and Performance
This chapter describes the system monitoring features of the UTM. You can be alerted to important events such as a WAN port rollover, WAN traffic limits reached, login failures, and attacks. You can also view status information about the firewall, WAN ports, LAN po[...]
-
Page 364
11-2 Monitoring System Access and Performance
The Internet Traffic Statistics section in the lower part of the screen displays statistics on Internet traffic via the WAN port. If you have not enabled the traffic meter, these statistics are not available[...]
-
Page 365
Monitoring System Access and Performance 11-3
Table 11-1. WAN Traffic Meter Settings Setting Description (or Subfield and Description) Enable Traffic Meter Do you want to enable Traffic Metering on WAN1? (dual-WAN port models) or Do you want to enab[...]
-
Page 366
11-4 Monitoring System Access and Performance
3. Click Apply to save your settings. 4. For the dual-WAN port models only, click the WAN2 Traffic Meter submenu tab. The WAN2 Traffic Meter screen displays. This screen is identical to the WAN1 Traffic [...]
-
Page 367
Monitoring System Access and Performance 11-5
Configuring Logging, Alerts, and Event Notifications By default, the UTM logs security-related events such as accepted and dropped packets on different segments of your LAN, denied incoming and outgoing servic[...]
-
Page 368
11-6 Monitoring System Access and Performance
2. Enter the settings as explained in Table 11-2. 3. Click Test to ensure that the connection to the server and e-mail address succeeds. 4. Click Apply to save your settings. Configuring and Activating Sy[...]
-
Page 369
Monitoring System Access and Performance 11-7
Figure 11-4[...]
-
Page 370
11-8 Monitoring System Access and Performance
2. Enter the settings as explained in Table 11-2. Table 11-3. E-mail and Syslog Settings Setting Description (or Subfield and Description) System Logs Option Select the checkboxes to specify which syst[...]
-
Page 371
Monitoring System Access and Performance 11-9
Enable (continued) Select Logs to Send (continued) • IPS Logs. All IPS events. • SSL VPN Logs. All SSL VPN events. • IPSEC VPN Logs. All IPsec VPN events. • Content Filter Logs. All attempts to acces[...]
-
Page 372
11-10 Monitoring System Access and Performance
3. Click Apply to save your settings or click Clear Log Information to clear the selected logs. Configuring and Activating Update Failure and Attack Alerts You can configure the UTM to send an e-mail alert wh[...]
-
Page 373
Monitoring System Access and Performance 11-11
3. Enter the settings as explained in Table 11-4. Figure 11-5 Table 11-4. Alerts Settings Setting Description (or Subfield and Description) Enable Update Failure Alerts Select this checkbox [...]
-
Page 374
11-12 Monitoring System Access and Performance
4. Click Apply to save your settings. Enable Malware Alerts (continued) Subject Enter the subject line for the e-mail alert. The default text is “[Malware alert]”. Message Enter the content for the e-mail a[...]
-
Page 375
Monitoring System Access and Performance 11-13
Configuring and Activating Firewall Logs You can configure the logging options for each network segment. For example, the UTM can log accepted packets for LAN-to-WAN traffic, dropped packets for WAN-to[...]
-
Page 376
11-14 Monitoring System Access and Performance
4. Click Apply to save your settings. Monitoring Real-Time Traffic, Security, and Statistics When you start up the UTM, the default screen that displays is the Dashboard screen, which lets you monitor the re[...]
-
Page 377
Monitoring System Access and Performance 11-15
Figure 11-7 [Dashboard, screen 1 of 3][...]
-
Page 378
11-16 Monitoring System Access and Performance
To clear the statistics, click Clear Statistics. To set the poll interval: 1. Click the Stop button. 2. From the Poll Interval pull-down menu, select a new interval (the minimum is 5 seconds, the maximum is[...]
-
Page 379
Monitoring System Access and Performance 11-17
Threats (Counts) This is a graphic that shows the relative number of threats and access violations over the last week, using different colors for the various applications. Note: IMBlock stands for inst[...]
-
Page 380
11-18 Monitoring System Access and Performance
Table 11-7 explains the fields of the Most Recent 5 and Top 5 sections of the Dashboard screen. Table 11-7. Dashboard: Most Recent 5 and Top 5 Information Category Most Recent 5 Description Top 5 Descript[...]
-
Page 381
Monitoring System Access and Performance 11-19
Table 11-8 explains the fields of the Service Statistics section of the Dashboard screen. Figure 11-9 [Dashboard, screen 3 of 3] Table 11-8. Dashboard: Service Statistics Information Item Description[...]
-
Page 382
11-20 Monitoring System Access and Performance
Viewing Status Screens The UTM provides real-time information in a variety of status screens that are described in the following sections: • “Viewing System Status” on this page. • “Viewing Activ[...]
-
Page 383
Monitoring System Access and Performance 11-21
Table 11-9 explains the fields of the Status and System Information sections of the System Status screen. Figure 11-10 [System Status, screen 1 of 3] Table 11-9. System Status: Status and System Inf[...]
-
Page 384
11-22 Monitoring System Access and Performance
Table 11-10 on page 11-23 explains the fields of the System Status screen of a dual-WAN port model with the WAN1 Configuration, WAN2 Configuration, and LAN Port sections. On the System Status screen for si[...]
-
Page 385
Monitoring System Access and Performance 11-23
Table 11-11 on page 11-24 explains the Interface Statistics section of the System Status screen. Table 11-10. System Status: WAN Configuration and LAN Port Information Setting Description (or Subf[...]
-
Page 386
11-24 Monitoring System Access and Performance
Viewing Active VPN Users The Active Users screen displays a list of administrators, IPsec VPN, and SSL VPN users that are currently logged into the UTM. To display the list of active VPN users: Select Monitor[...]
-
Page 387
Monitoring System Access and Performance 11-25
2. Click the IPSec VPN Connection Status submenu tab. The IPSec VPN Connection Status screen displays. The Active IPsec SAs table lists each active connection with the information that is described i[...]
-
Page 388
11-26 Monitoring System Access and Performance
2. Click the SSL VPN Connection Status submenu tab. The SSL VPN Connection Status screen displays. The active user’s user name, group, and IP address are listed in the table with a timestamp indicating th[...]
-
Page 389
Monitoring System Access and Performance 11-27
2. Click the Status option arrow at the top right of the Port Triggering screen. The Port Triggering Status screen appears in a popup window. The Port Triggering Status screen displays the informat[...]
-
Page 390
11-28 Monitoring System Access and Performance
2. Click the WAN Status option arrow at the top right of the WAN1 ISP Settings screen (dual-WAN port models) or WAN1 ISP Settings screen (single-WAN port models). The Connection Status screen appears i[...]
-
Page 391
Monitoring System Access and Performance 11-29
The Connection Status screen displays the information that is described in Table 11-14. Depending on the type of connections, any of the following buttons may be displayed on the Connection Status scr[...]
-
Page 392
11-30 Monitoring System Access and Performance
2. Click the LAN Groups submenu tab. The LAN Groups screen displays (Figure 11-21 shows some examples in the Known PCs and Devices table). Figure 11-20 Figure 11-21[...]
-
Page 393
Monitoring System Access and Performance 11-31
The Known PCs and Devices table contains a list of all known PCs and network devices that are assigned dynamic IP addresses by the UTM, or have been discovered by other means. Collectively, these entries m[...]
-
Page 394
11-32 Monitoring System Access and Performance
Querying Logs and Generating Reports The extensive logging and reporting functions of the UTM let you perform the following tasks that help you to monitor the protection of the network and the performance of t[...]
-
Page 395
Monitoring System Access and Performance 11-33
• System Logs. The system event logs that you have specified on the Email and Syslog screen (see “Configuring and Activating System, E-mail, and Syslog Logs” on page 11-6). However, by default, m[...]
-
Page 396
11-34 Monitoring System Access and Performance
3. Enter the settings as explained in Table 11-15. Figure 11-23 Table 11-15. Logs Query Settings Setting Description (or Subfield and Description) Log Type Select one of the following log types from the [...]
-
Page 397
Monitoring System Access and Performance 11-35
Log Type (continued) • Service Logs. All events that are related to the status of scanning and filtering services that are part of the Application Security main navigation menu. These events include [...]
-
Page 398
11-36 Monitoring System Access and Performance
Search Criteria (continued) Client IP The client IP address that is queried. This field is available for the following logs: Traffic, Spam, Malware, Content filters, Port Scan, IPS, Instant Messaging/Peer[...]
-
Page 399
Monitoring System Access and Performance 11-37
4. Click one of the following action buttons: • Search. Query the log according to the search criteria that you specified and view the log through the Web Management Interface, that is, on screen.[...]
-
Page 400
11-38 Monitoring System Access and Performance
Example: Using Logs to Identify Infected Clients You can use the UTM logs to help identify potentially infected clients on the network. For example, clients that are generating abnormally high volumes of HTT[...]
-
Page 401
Monitoring System Access and Performance 11-39
Scheduling and Generating Reports The UTM lets you schedule and generate three types of reports: • Email Reports. For each protocol (SMTP, POP3, and IMAP), the report shows the following informatio[...]
-
Page 402
11-40 Monitoring System Access and Performance
– The following application incidents are shown per day, both in tables and graphics: • Number of instant messaging application violations, top 10 violating instant messaging applications by count, and top [...]
-
Page 403
Monitoring System Access and Performance 11-41
3. Enter the settings as explained in Table 11-16. 4. Click Generate. After a few minutes, the report is added to the Report List, which can contain a maximum of five saved reports. (To delete a p[...]
-
Page 404
11-42 Monitoring System Access and Performance
Scheduling Reports To schedule automatic generation and e-mailing of reports: 1. Select Monitoring > Logs & Reports from the menu. The Logs & Reports submenu tabs appear, with the Email and Sys[...]
-
Page 405
Monitoring System Access and Performance 11-43
4. Click Apply to save your settings. Using Diagnostics Utilities The UTM provides diagnostic tools that help you analyze traffic conditions and the status of the network. Two sets of tools are availabl[...]
-
Page 406
11-44 Monitoring System Access and Performance
Using the Network Diagnostic Tools This section discusses the Network Diagnostics section and the Perform a DNS Lookup section of the Diagnostics screen. Sending a Ping Packet Use the Ping utility to send a[...]
-
Page 407
Monitoring System Access and Performance 11-45
Tracing a Route A traceroute lists all routers between the source (the UTM) and the destination IP address. To send a traceroute: 1. Locate the Network Diagnostics section on the Diagnostics screen. 2.[...]
-
Page 408
11-46 Monitoring System Access and Performance
Using the Realtime Traffic Diagnostics Tool This section discusses the Realtime Traffic Diagnostics section and the Perform a DNS Lookup section of the Diagnostics screen. You can use the Realtime Traffic[...]
-
Page 409
Monitoring System Access and Performance 11-47
Gathering Important Log Information and Generating a Network Statistics Report When you request support, NETGEAR Technical Support might ask you to collect the debug logs and other information from your[...]
-
Page 410
11-48 Monitoring System Access and Performance
To generate the Network Statistic Report: 1. Locate the Network Statistics Report section on the Diagnostics screen. 2. Click Generate Network Statistics. The network statistics report is sent as an e-mail to[...]
-
Page 411
12-1
Chapter 12 Troubleshooting and Using Online Support
This chapter provides troubleshooting tips and information for the UTM. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. • Is the UTM on? Go to “Bas[...]
-
Page 412
12-2 Troubleshooting and Using Online Support
Basic Functioning After you turn on power to the UTM, the following sequence of events should occur: 1. When power is first applied, verify that the PWR LED is on. 2. After approximately two minutes, verify that:[...]
-
Page 413
Troubleshooting and Using Online Support 12-3
LAN or WAN Port LEDs Not On If either the LAN LEDs or WAN LEDs do not light when the Ethernet connection is made, check the following: • Make sure that the Ethernet cable connections are secure at the UTM[...]
-
Page 414
12-4 Troubleshooting and Using Online Support
• If your UTM’s IP address has been changed and you do not know the current IP address, clear the UTM’s configuration to factory defaults. This sets the UTM’s IP address to 192.168.1.1. This procedure [...]
-
Page 415
Troubleshooting and Using Online Support 12-5
• If the computer is configured correctly, but still not working, ensure that the UTM is connected and turned on. Connect to the Web Management Interface and check the UTM’s settings. If you cannot connect[...]
-
Page 416
12-6 Troubleshooting and Using Online Support
If your UTM is still unable to obtain an IP address from the ISP, the problem might be one of the following: • Your ISP might require a login program. Ask your ISP whether they require PPP over Ethernet (PP[...]
-
Page 417
Troubleshooting and Using Online Support 12-7
Troubleshooting a TCP/IP Network Using a Ping Utility Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request packet to the designated device. The device then responds with[...]
-
Page 418
12-8 Troubleshooting and Using Online Support
Testing the Path from Your PC to a Remote Device After verifying that the LAN path works correctly, test the path from your PC to a remote device. From the Windows run menu, type: PING -n 10 < IP address &[...]
-
Page 419
Troubleshooting and Using Online Support 12-9
Restoring the Default Configuration and Password To reset the UTM to the original factory default settings, you can use one of the following two methods: • Push the Reset button on the rear panel of the UTM ([...]
-
Page 420
12-10 Troubleshooting and Using Online Support
Problems with Date and Time The System Date & Time screen displays the current date and time of day (see “Configuring Date and Time Service” on page 10-24). The UTM uses the Network Time Protocol (NTP[...]
-
Page 421
Troubleshooting and Using Online Support 12-11
To initiate the support tunnel: 1. Select Support > Online Support from the menu. The Online Support screen displays. 2. In the Support Key field, enter the support key that was given to you by NETGEAR. 3. Cli[...]
-
Page 422
12-12 Troubleshooting and Using Online Support
To submit a file to NETGEAR for analysis: 1. Select Support > Malware Analysis from the menu. The Online Support screen displays. 2. Enter the settings as explained in Table 12-1. 3. Click Submit. Accessin[...]
-
Page 423
Default Settings and Technical Specifications A-1
Appendix A Default Settings and Technical Specifications
You can use the Reset button located on the rear panel to reset all settings to their factory defaults. This is called a hard reset (for more information, see “Reverting to Factory Default Settings” on page 10-18). [...]
-
Page 424
A-2 Default Settings and Technical Specifications
Table A-2 shows the physical and technical specifications for the UTM. (continued) DHCP server Enabled DHCP starting IP address 192.168.1.2 DHCP starting IP address 192.168.1.100 Management Time zone GMT[...]
-
Page 425
Default Settings and Technical Specifications A-3
Table A-3 shows the IPsec VPN specifications for the UTM. Environmental Specifications Operating temperatures C 0º to 45º F 32º to 113º Storage temperatures C -20º to 70º F -4º to 158º Ope[...]
-
Page 426
A-4 Default Settings and Technical Specifications
Table A-4 shows the SSL VPN specifications for the UTM. IPsec authentication types Local User database, RADIUS PAP, RADIUS CHAP IPsec certificates supported CA digital certificate, Self digital certifica[...]
-
Page 427
Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) B-1
Appendix B Network Planning for Dual WAN Ports (Dual-WAN Port Models Only)
This appendix describes the factors to consider when planning a network using a firewall that has dual WAN ports. This appendix does not apply to single-WAN port models. This app[...]
-
Page 428
B-2 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only)
• Protocol binding – For auto-rollover mode, protocol binding does not apply. – For load balancing mode, decide which protocols should be bound to a specific WAN port. – You [...]
-
Page 429
Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) B-3
• You can choose a variety of WAN options if the factory default settings are not suitable for your installation. These options include enabling a WAN port to respond to a ping, and se[...]
-
Page 430
B-4 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only)
• ISP Domain Name Server (DNS) addresses • One or more fixed IP addresses (also known as static IP addresses) Where Do I Get The Internet Configuration Information? There are several [...]
-
Page 431
Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) B-5
Gateway IP Address: ______.______.______.______ Subnet Mask: ______.______.______.______ • ISP DNS Server Addresses: If you were given DNS server addresses, fill in the following: Prim[...]
-
Page 432
B-6 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only)
These various types of traffic and auto-rollover or load balancing all interact to make the planning process more challenging: • Inbound Traffic. Unrequested incoming traffic can be di[...]
-
Page 433
Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) B-7
• Dual WAN Ports in Load Balancing Mode. Load balancing for a UTM with dual WAN ports is similar to a single WAN gateway configuration when you specify the IP address. Each IP addres[...]
-
Page 434
B-8 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only)
In the single WAN case, the WAN’s Internet address is either fixed IP or a FQDN if the IP address is dynamic. Inbound Traffic to a Dual WAN Port System The IP address range of the U[...]
-
Page 435
Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) B-9
Virtual Private Networks (VPNs) When implementing virtual private network (VPN) tunnels, a mechanism must be used for determining the IP addresses of the tunnel end points. The addressing [...]
-
Page 436
B-10 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only)
For a single WAN gateway configuration, use a FQDN when the IP address is dynamic and either an FQDN or the IP address itself when the IP address is fixed. The situation is different in d[...]
-
Page 437
Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) B-11
VPN Road Warrior (Client-to-Gateway) The following situations exemplify the requirements for a remote PC client with no firewall to establish a VPN tunnel with a gateway VPN firewall such [...]
-
Page 438
ProSecure Unified Threat Management (UTM) Appliance Reference Manual B-12 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) v1.0, January 2010 The IP addresses of the WAN ports can be either fixed or dynamic, but you must always use a FQDN because the active WAN port could be either WAN1 or WAN2 (that is, the IP address of the[...]
-
Page 439
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) B-13 v1.0, January 2010 VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing In a dual-WAN port load balancing gateway configuration, the remote PC initiates the VPN tunnel with the appropriate gateway [...]
-
Page 440
ProSecure Unified Threat Management (UTM) Appliance Reference Manual B-14 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) v1.0, January 2010 The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, you must use a FQDN. If an IP address is fixed, an FQDN is optional. VPN Gateway-to-Gate[...]
-
Page 441
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) B-15 v1.0, January 2010 After a rollover of a gateway WAN port, the previously inactive gateway WAN port becomes the active port (port WAN_A2 in Figure B-15) and one of the gateways must re-establish the VPN [...]
-
Page 442
ProSecure Unified Threat Management (UTM) Appliance Reference Manual B-16 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) v1.0, January 2010 VPN Telecommuter (Client-to-Gateway Through a NAT Router) The following situations exemplify the requirements for a remote PC client connected to the Internet with a dynamic IP address th[...]
-
Page 443
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) B-17 v1.0, January 2010 VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability In a dual-WAN port auto-rollover gateway configuration, the remote PC client initiates the VPN tunnel with the active[...]
-
Page 444
ProSecure Unified Threat Management (UTM) Appliance Reference Manual B-18 Network Planning for Dual WAN Ports (Dual-WAN Port Models Only) v1.0, January 2010 The purpose of the FQDN is to toggle the domain name of the gateway between the IP addresses of the active WAN port (that is, WAN1 and WAN2) so that the remote PC client can determine the[...]
-
Page 445
System Logs and Error Messages C-1 v1.0, January 2010 Appendix C System Logs and Error Messages This appendix provides examples and explanations of system logs and error messages. When applicable, a recommended action is provided. This appendix contains the following sections: • “System Log Messages” on page C-2. • “Content[...]
-
Page 446
ProSecure Unified Threat Management (UTM) Appliance Reference Manual C-2 System Logs and Error Messages v1.0, January 2010 System Log Messages This section describes log messages that belong to one of the following categories: • Logs that are generated by traffic that is meant for the UTM. • Logs that are generated by traffic that is route[...]
-
Page 447
ProSecure Unified Threat Management (UTM) Appliance Reference Manual System Logs and Error Messages C-3 v1.0, January 2010 Service Logs This section describes log messages generated during firmware updates and other service-related events. NTP This section describes log messages generated by the NTP daemon during synchronization with the NTP se[...]
-
Page 448
ProSecure Unified Threat Management (UTM) Appliance Reference Manual C-4 System Logs and Error Messages v1.0, January 2010 Login/Logout This section describes logs that are generated by the administrative interfaces of the device. Firewall Restart This section describes logs that are generated when the firewall restarts. IPsec Restart This se[...]
-
Page 449
ProSecure Unified Threat Management (UTM) Appliance Reference Manual System Logs and Error Messages C-5 v1.0, January 2010 WAN Status This section describes the logs that are generated by the WAN component. If there are two ISP links for Internet connectivity, the router can be configured either in auto-rollover mode or load balancing mod[...]
-
Page 450
ProSecure Unified Threat Management (UTM) Appliance Reference Manual C-6 System Logs and Error Messages v1.0, January 2010 Load-Balancing Mode When the WAN mode is configured for load balancing, both the WAN ports are active simultaneously and the traffic is balanced between them. If one WAN link goes down, all the traffic is diverted to t[...]
-
Page 451
ProSecure Unified Threat Management (UTM) Appliance Reference Manual System Logs and Error Messages C-7 v1.0, January 2010 PPP Logs This section describes the WAN PPP connection logs. The PPP type can be configured through the Web Management Interface (see “Manually Configuring the Internet Connection” on page 3-5). • PPPoE Idle-Tim[...]
-
Page 452
ProSecure Unified Threat Management (UTM) Appliance Reference Manual C-8 System Logs and Error Messages v1.0, January 2010 • PPTP Idle-Timeout Logs • PPP Authentication Logs Table C-11. System Logs: WAN Status, PPTP Idle-Timeout Message 1 Message 2 Message 3 Message 4 Message 5 Message 6 Message 7 Message 8 Message 9 Nov 29 11:19:02 [[...]
-
Page 453
ProSecure Unified Threat Management (UTM) Appliance Reference Manual System Logs and Error Messages C-9 v1.0, January 2010 Traffic Metering Logs This section describes logs that are generated when the traffic meter has reached a limit. Unicast Logs This section describes logs that are generated when the UTM processes unicast packets. ICMP Re[...]
-
Page 454
ProSecure Unified Threat Management (UTM) Appliance Reference Manual C-10 System Logs and Error Messages v1.0, January 2010 Multicast/Broadcast Logs This section describes logs that are generated when the UTM processes multicast and broadcast packets. Invalid Packet Logging This section describes logs that are generated when the UTM processes i[...]
-
Page 455
ProSecure Unified Threat Management (UTM) Appliance Reference Manual System Logs and Error Messages C-11 v1.0, January 2010 Message 2007 Oct 1 00:44:17 [UTM] [kernel] [INVALID][BAD_CHECKSUM] DROP] SRC=192.168.20.10 DST=192.168.20.2 PROTO=TCP SPT=23 DPT=54899 Explanation Bad checksum. Recommended Action None Message 2007 Oct 1 00:44:17 [UTM] [[...]
-
Page 456
ProSecure Unified Threat Management (UTM) Appliance Reference Manual C-12 System Logs and Error Messages v1.0, January 2010 Content Filtering and Security Logs This section describes the log messages that are generated by the content filtering and security mechanisms. Web Filtering and Content Filtering Logs This section describes logs that are[...]
-
Page 457
ProSecure Unified Threat Management (UTM) Appliance Reference Manual System Logs and Error Messages C-13 v1.0, January 2010 Spam Logs This section describes logs that are generated when the UTM filters spam e-mail messages. Message 2009-08-01 00:00:01 HTTP 192.168.1.3 192.168.35.165 http://192.168.35.165/testcases/files/virus/normal/%b4[...]
-
Page 458
ProSecure Unified Threat Management (UTM) Appliance Reference Manual C-14 System Logs and Error Messages v1.0, January 2010 Traffic Logs This section describes logs that are generated when the UTM processes Web and e-mail traffic. Virus Logs This section describes logs that are generated when the UTM detects viruses. E-mail Filter Logs This[...]
-
Page 459
ProSecure Unified Threat Management (UTM) Appliance Reference Manual System Logs and Error Messages C-15 v1.0, January 2010 IPS Logs This section describes logs that are generated when traffic matches IPS rules. Port Scan Logs This section describes logs that are generated when ports are scanned. Instant Messaging/Peer-to-Peer Logs This sect[...]
-
Page 460
ProSecure Unified Threat Management (UTM) Appliance Reference Manual C-16 System Logs and Error Messages v1.0, January 2010 Routing Logs This section explains the logging messages for each network segment such as LAN to WAN for debugging purposes. These logs might generate a significant volume of messages. LAN to WAN Logs This section describe[...]
-
Page 461
ProSecure Unified Threat Management (UTM) Appliance Reference Manual System Logs and Error Messages C-17 v1.0, January 2010 WAN to LAN Logs This section describes logs that are generated when the UTM processes WAN to LAN traffic. DMZ to LAN Logs This section describes logs that are generated when the UTM processes DMZ to LAN traffic. WAN [...]
-
Page 462
ProSecure Unified Threat Management (UTM) Appliance Reference Manual C-18 System Logs and Error Messages v1.0, January 2010[...]
-
Page 463
Two Factor Authentication D-1 v1.0, January 2010 Appendix D Two Factor Authentication This appendix provides an overview of Two-Factor Authentication, and an example of how to implement the WiKID solution. This appendix contains the following sections: • “Why do I need Two-Factor Authentication?” on this page. • “NETGEAR Two-[...]
-
Page 464
ProSecure Unified Threat Management (UTM) Appliance Reference Manual D-2 Two Factor Authentication v1.0, January 2010 • Quick to deploy and manage. The WiKID solution integrates seamlessly with the NETGEAR SSL and VPN firewall products. • Proven regulatory compliance. Two-Factor Authentication has been used as a mandatory authentication [...]
-
Page 465
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Two Factor Authentication D-3 v1.0, January 2010 The request-response architecture is capable of self-service initialization by end-users, dramatically reducing implementation and maintenance costs. Here is an example of how WiKID works. 1. The user launches the WiKID tok[...]
-
Page 466
ProSecure Unified Threat Management (UTM) Appliance Reference Manual D-4 Two Factor Authentication v1.0, January 2010 3. The user then proceeds to the Two-Factor Authentication login page and enters the generated one-time passcode as the login password. Note: The one-time passcode is time synchronized to the authentication server so that the [...]
-
Page 467
Related Documents E-1 v1.0, January 2010 Appendix E Related Documents This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product. Document Link TCP/IP Networking Basics http://documentation.netgear.com/reference/enu/tcpip/index.htm Wireless Networking[...]
-
Page 468
ProSecure Unified Threat Management (UTM) Appliance Reference Manual E-2 Related Documents v1.0, January 2010[...]
-
Page 469
Index-1 v1.0, January 2010 Index Numerics 10BaseT, 100BaseT, and 1000BaseT 3-23 A AAA 7-40 AC input 1-12 access, remote management 10-12 action buttons (Web Management Interface) 2-6 activating, service licenses 1-8, 2-27 Active Directory 8-6, 9-2, 9-5 Active LED (dual-WAN port models only) 1-12 ActiveX 6-24, 6-28 ActiveX web cache clean[...]
-
Page 470
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-2 v1.0, January 2010 B backing up, configuration file 10-16 bandwidth capacity auto-rollover mode 10-2 LAN 10-1 load balancing mode 10-1 single WAN port mode 10-2 WAN 10-1 bandwidth limits, logging dropped packets 11-14 bandwidth profiles assigning to firewall rule 5[...]
-
Page 471
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-3 v1.0, January 2010 managing 10-15 restoring 10-17 reverting to defaults 10-18 configuration menu (Web Management Interface) 2-5 connection requirements 2-1 speed and type, WAN 3-24 console port 1-12 content filtering audio and video files 6-28 compressed files 6-28 exe[...]
-
Page 472
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-4 v1.0, January 2010 DMZ DHCP address pool 4-20 DNS servers 4-21 domain name 4-20 LDAP server 4-21 lease time 4-21 relay 4-21 server 4-20 WINS server 4-21 DNS proxy 4-22 firewall security 4-18 increasing traffic 10-7 IP addresses 4-20 port 1-5, 4-18 setup settings 4-20 s[...]
-
Page 473
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-5 v1.0, January 2010 F factory default settings reverting to 10-18 service licenses, automatic retrieval 2-28 failover attempts DNS lookup 3-13 pinging 3-13 failover protection. See auto-rollover mode (dual-WAN port models). failure detection method (dual-WAN port mod[...]
-
Page 474
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-6 v1.0, January 2010 HTTP action, infected Web file or object 2-20, 6-22 default port 2-17, 6-20 enabling scanning 2-17, 6-20 proxy, for HTTPS scanning 6-34, 6-37 proxy, signatures & engine settings 2-25 trusted hosts 6-37 HTTPS action, infected Web file or o[...]
-
Page 475
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-7 v1.0, January 2010 IP header 5-37 IP precedence 5-37 IP security. See IPsec. IP/MAC binding 5-44 IPS alerts 11-10 attacks categories 5-50 recent 5 and top 5 11-18 description 5-49 logs 11-9, 11-33, 11-35 outbreak alerts 11-10 defining 11-12 IPsec h[...]
-
Page 476
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-8 v1.0, January 2010 configuring options 11-8 e-mail address for sending logs 2-23, 11-6 firewall logs, configuring 11-13 management 11-38 querying logs 11-32 search criteria 11-35 selecting logs 11-34 specifying logs to send via e-mail 11-8 syslog se[...]
-
Page 477
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-9 v1.0, January 2010 planning, dual WAN ports (dual-WAN port models) B-1 protocols, supported 1-2 resources, SSL VPN 8-28 statistics report, diagnostics 11-47 traffic statistics 11-16 Network Access Server. See NAS. Network Address Translation. See NAT. Netwo[...]
-
Page 478
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-10 v1.0, January 2010 IPsec VPN automatically generated (auto) 7-31 groups, configuring 9-6 managing 7-22 manually generated (manual) 7-31 SSL VPN managing 8-31 settings 8-34 policy hierarchy 8-31 pools, ModeConfig 7-45 POP3 action, infected e-mail 2-18 anti-virus settings[...]
-
Page 479
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-11 v1.0, January 2010 description 5-35 examples 5-35 shifting traffic mix 10-8 value 5-37 quality of service. See QoS. question mark icon (Web Management Interface) 2-7 R rack mounting kit 1-15 RADIUS backup server 7-42 description 9-2 NAS 7-42 primary server 7-42 RADIUS[...]
-
Page 480
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-12 v1.0, January 2010 scan engine firmware 10-21 scan exceptions e-mail message size 2-19 Web file or object size 2-20 scan signatures 10-21 scanning exclusions 6-44 size exceptions 6-6, 6-23, 6-41 scheduling blocking traffic 5-41 reports 11-42 Web content filtering[...]
-
Page 481
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-13 v1.0, January 2010 spam blocked messages, recent 5 and top 5 11-18 Distributed Spam Analysis 6-16 logs 11-8, 11-32, 11-34 protection 6-11 real-time black list (RBL) 6-14 whitelist and blacklist 6-12 Spamcop 6-15 Spamhaus 6-15 specifications, physical and[...]
-
Page 482
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-14 v1.0, January 2010 tabs, submenu (Web Management Interface) 2-5 TCP flood, blocking 5-28 TCP time-out 5-31 TCP/IP network, troubleshooting 12-7 settings 2-9 technical specifications A-2 Test LED 1-11, 12-2 testing connectivity 2-26 HTTP scanning 2-26 time dayli[...]
-
Page 483
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-15 v1.0, January 2010 V videoconferencing DMZ port 4-18 from restricted address 5-22 virtual LAN. See VLAN. Virtual Private Network Consortium. See VPNC. virtual private network. See VPN (tunnel). virus database 10-21 logs. See malware, logs, protection 6-5, 6-21 signat[...]
-
Page 484
ProSecure Unified Threat Management (UTM) Appliance Reference Manual Index-16 v1.0, January 2010 W WAN aliases 3-17 auto-rollover mode (dual-WAN port models) configuring 3-11 DDNS 3-19 description 3-9 settings 3-12 VPN IPsec 7-1 bandwidth capacity 10-1 classical routing 3-11 connection speed and type 3-24 failure detection method (dual-WA[...]