Reference Manual 3.0.1-124
Page 6
... UTM with NETGEAR 65 Use the Web Management Interface to Activate Licenses 65 Electronic Licensing 67 Automatic Retrieval of Licenses after a Factory Default Reset 67 Verify Correct Installation 68 Test Connectivity 68 Test HTTP Scanning 68 What to Do Next 68 Chapter 3 Manually Configure Internet and WAN Settings Internet and WAN Configuration Tasks 71 Automatically Detecting and Connecting the Internet Connections 71 Manually Configure the Internet Connection 75 Configure the WAN Mode 80 Overview of the WAN Modes 80 Configure Network Address Translation (All Models 81 Configure...
Reference Manual 3.0.1-124
Page 11
... WAN Port LEDs Not On 540 Troubleshoot the Web Management Interface 540 When You Enter a URL or IP Address, a Time-Out Error Occurs 541 Troubleshoot the ISP Connection 541 Troubleshoot a TCP/IP Network Using a Ping Utility 543 Test the LAN Path to Your UTM 543 Test the Path from Your Computer to a Remote Device 544 Restore the Default Configuration and Password 545 Problems with Date and Time 546 Use Online Support 546 Enable Remote Troubleshooting 546 Send Suspicious Files to NETGEAR for Analysis 547 Access the Knowledge Base and Documentation...
Reference Manual 3.0.1-124
Page 18
... settings to map one -user license of VPN client software on the model, bundled with an NMVDSLA or NMVDSLB DSL network module installed. Adjustable power output allows more access points that are supported to four wireless security profiles, each Differentiated Services Code Point (DSCP) value. • Wireless Distribution System (WDS). Remote access by telecommuters requires the installation of the NETGEAR ProSafe VPN Client software (VPN01L). IPSec VPN with an NMWLSN wireless network module installed. Introduction 18 ProSecure Unified Threat Management (UTM) Appliance Wireless...
Reference Manual 3.0.1-124
Page 47
... the 9 configuration screens of the Setup Wizard. ProSecure Unified Threat Management (UTM) Appliance Use the Setup Wizard to Perform the Initial Configuration • Setup Wizard Step 1 of 10: LAN Settings • Setup Wizard Step 2 of 10: WAN Settings • Setup Wizard Step 3 of 10: System Date and Time • Setup Wizard Step 4 of 10: Services • Setup Wizard Step 5 of 10: Email Security • Setup Wizard Step 6 of 10: Web Security • Setup Wizard Step 7 of 10: Web Categories to Be Blocked • Setup Wizard Step 8 of...
Reference Manual 3.0.1-124
Page 129
... to LAN WAN traffic, DMZ WAN traffic, and LAN DMZ traffic. Note: See Enable Source MAC Filtering on page 179 for them to a request from the LAN side to disallow it. • Inbound rules (port forwarding). You can be configured to block outbound traffic from selected computers that traffic (see Create Quality of service: • Outbound rules (service blocking). Allow all access from the LAN side. • Outbound. Inbound traffic is usually blocked by the firewall unless the traffic is called service blocking or port filtering. This is in the factory defaults list...
Reference Manual 3.0.1-124
Page 292
... situations occur: 1. The VPN tunnel is used to start negotiations with the remote VPN gateway: - It is important to remember that: • An automatically generated VPN policy (auto policy) needs to set up a VPN tunnel, an IKE policy is established and populated in the Manual Policy Parameters section of the matching IKE policies are used . - ProSecure Unified Threat Management (UTM) Appliance Manage IKE Policies The Internet Key Exchange (IKE) protocol...
Reference Manual 3.0.1-124
Page 300
... public key is freely distributed, and is required on the remote VPN endpoint manually (unless the remote VPN endpoint also has a VPN Wizard). You manually enter all settings on each VPN gateway needs to use of certificates for authentication reduces the amount of VPN policies. The use a CA, each VPN endpoint. ProSecure Unified Threat Management (UTM) Appliance Manage VPN Policies You can edit policies, enable or disable policies, or delete them entirely. otherwise, it refuses the connection...
Reference Manual 3.0.1-124
Page 438
...or allow login access from any browser. In general, these policy settings, see Configure Login Policies on page 404. ProSecure Unified Threat Management (UTM) Appliance Note: For enhanced security, restrict access to anyone who knows its IP address and default password. Because a malicious WAN user can configure, upgrade, and check the status of these policy settings work well for remote management: 1. Note: When remote management is enabled and administrative access through a Secure Sockets Layer (SSL) VPN connection. Network and System Management 438 The Remote Management...
Reference Manual 3.0.1-124
Page 496
... for WAN interfaces, see Manually Configure the Internet Connection on whether the WAN address is used on page 94. The IP address of Internet connection that is obtained dynamically through a DHCP server or assigned statically by you have configured on the xDSL network module. By default, the speed is 1,000,000 Kbps. ProSecure Unified Threat Management (UTM) Appliance Table 127. WAN Connection Type The detected type of the secondary DNS server. By default, the speed is 1,000,000 Kbps. These settings are either Enabled or Disabled...
Reference Manual 3.0.1-124
Page 541
....254.x.x: Windows and Mac operating systems generate and assign an IP address if the computer cannot reach a DHCP server. The factory default login name is admin, and the password is explained in Restore the Default Configuration and Password on page 540). • If the UTM is configured correctly, check your Internet connection (for example, your computer's IP address is able to the UTM and reboot your changes are in the web management interface, check the following troubleshooting steps: • Check whether...
Reference Manual 3.0.1-124
Page 553
ProSecure Unified Threat Management (UTM) Appliance Table 140. Figure 322. The WAN or DSL interface. • Status. Automatically Detecting and Connecting the xDSL Internet Connection To set up your settings. The status of the WAN or DSL interface. • Failure Detection Method. The IP address of the WAN or DSL interface (UP or DOWN). • WAN IP. WAN DNS (WAN DNS servers) - Ping (the configured IP address is displayed) xDSL Network Module for secure Internet connections, the web management interface provides the option to detect the network connection and ...
Reference Manual 3.0.1-124
Page 555
... WAN Mode on page 561, and Troubleshoot the ISP Connection on the UTM9S and UTM25S only. xDSL Network Module for a range of the SLOT-x entry to support. To verify the connection: a. PPPoA Login, password, account name, and domain name. Click Test to the WAN screen by your changes. 5. b. The autodetect process probes the WAN port for the UTM9S and UTM25S 555 ProSecure Unified Threat Management (UTM) Appliance 3. Internet connection methods Connection method Manual data input required DHCP...
Reference Manual 3.0.1-124
Page 687
... (Active Directory) LDAP MIAS (Microsoft Internet Authentication Service) NT Domain RADIUS WiKID auto uplink, autosensing Ethernet connections 20 autodetecting DSL settings 555 WAN settings 52, 73 auto-rollover mode DSL interfaces configuring 563-566 DDNS 572 described 562, 611 multiple WAN port models bandwidth capacity 429 configuring 82-84 DDNS 91 described 80 VPN IPSec 264 autosensing port speed 96 B b mode, wireless 582 background traffic, WMM QoS 600 backing up configuration file 446 bandwidth capacity 428-429 bandwidth limits, logging dropped packets 477 bandwidth profiles creating...
Reference Manual 3.0.1-124
Page 691
... names. See also outbound rules. overview 19 QoS profiles 169 rules numbers and types supported 129 order of precedence 138 See also inbound rules. ProSecure Unified Threat Management (UTM) Appliance WAN settings 82-85 file extensions blocking 202, 218, 222 setting access exceptions 256 file names, blocking 202 filtering reports 522 firewall attack checks 157 bandwidth profiles 171-174 connecting to groups 253 guest access, wireless 602 guests, user account 401-403 GUI (graphical user interface) described 44 troubleshooting 540 H hard disk usage 487 hardware bottom panel label...
Reference Manual 3.0.1-124
Page 692
...58 antivirus settings 197 content filtering and blocking 200-202 default port 56, 195 enabling scanning 56 importing certificates 233 inbound rules default 129 DMZ-to-WAN rules 144 examples 148 increasing traffic 432 LAN-to-DMZ rules 147 LAN-to-WAN rules 141 order of precedence 138 overview 133 settings 135 inbound traffic bandwidth 173 traffic meter 176 increasing traffic overview 432-435 port forwarding 134 infected clients, identifying 513 infrastructure mode, wireless access point 584 initial configuration, Setup Wizard 47 initial connection 41 installation guide 41 installation, verifying...
Reference Manual 3.0.1-124
Page 695
...-646 online documentation 548 support 546 online games, DMZ port 117 online upgrade, firmware 449 open system (no wireless security) 590 operating frequencies, radio 581, 675 option arrow (web management interface) 45 Oray.net DSL settings 572-574 USB settings 618-620 WAN settings 91-93 order of precedence, firewall rules 138 OTP (one-time passcode) 644-646 OU (organizational unit), Active Directory 384 outbound rules default 129 DMZ-to-WAN rules 144 examples 153 LAN-to-DMZ rules 147 LAN-to-WAN rules 140...
Reference Manual 3.0.1-124
Page 700
... testing connectivity and HTTP scanning 68 wireless connectivity 602 time settings 55, 457 troubleshooting settings 546 time-out error, troubleshooting 541 L2TP users 335 PPTP users 332 sessions 161 timer, wireless access point 591 tips, firewall and content filtering 128 TKIP (Temporal Key Integrity Protocol) 585, 591 TLS (Transport Layer Security) 345, 392 tools blocked applications, recent 5 and top 5 481 logs 469, 508-510 traffic statistics 479 ToS (Type of Service) inbound rules, QoS profile 137 outbound rules, QoS profile 132 QoS profile settings 170 tracert, using...
Reference Manual 3.0.1-124
Page 701
... device, performing maintenance 536 USB port functioning 28 Internet connection, configuring 604-607 LEDs 32 nonfunctioning 25-27 User Datagram Protocol (UDP) 158, 184 user name default 43 ReadyNAS server 460 user policies, precedence 371 User Portal Login link 381 user portal, SSL-VPN 354 user types 401 users active VPN users 499 administrative (admin) login 380 settings 436 anonymous 253, 401, 461 assigned groups 403 authenticated 253, 401 default settings 671 logging out 383 login policies, configuring 404-407 login time-out 408 passwords, changing 408 searching adding...
Installation Guide
Page 1
... reference manual for instructions for configuring other options such as a broadband modem, connect a DHCP enabled computer to an active WAN connection such as multiple WAN settings, VPN, firewall, and custom scanning. USB port (future use a single WAN interface, and enable the default threat management scanning. Power connector 10. The power LED should turn on the unit, the amber test LED is lit for Basic Configuration The Setup Wizard guides you are now connected. When prompted, enter admin for the User Name and password for console 11. https...
Installation Guide
Page 2
... NETGEAR website. Licenses Your unit is automatically downloaded to configure these basic network and scanning settings: • LAN and WAN network settings. • System time (NTP server) and time zone. • Scanning of this document and the reference manual. Note: Be sure that the unit has Internet access before , use it in accordance with Innovation are revoked once you have purchased licenses, click Register. If using the online support remote diagnostics. Go to activate...