UTM9S Installation Guide
Page 1
... default login time-out), you are now connected. Click the link at both ends, and that the modem is turned on the unit, the amber test LED will guide you choose to boot. UTM9S_IG_20June11.fm Page 1 Thursday, June 23, 2011 9:02 AM Installation Guide ProSecure™ Unified Threat Management Appliance UTM9S Note: Electronic License This product includes an electronic license activated automatically by product registration. You can access the Reference Manual from the NETGEAR support...
UTM9S User Manual
Page 10
... WAN Port LEDs Not On 493 Troubleshoot the Web Management Interface 493 When You Enter a URL or IP Address, a Time-Out Error Occurs 494 Troubleshoot the ISP Connection 494 Troubleshoot a TCP/IP Network Using a Ping Utility 496 Test the LAN Path to Your UTM 496 Test the Path from Your PC to a Remote Device 497 Restore the Default Configuration and Password 498 Problems with Date and Time 499 Use Online Support 499 Enable Remote Troubleshooting 499 Send Suspicious Files to NETGEAR for Analysis 500 Access the Knowledge Base and Documentation...
UTM9S User Manual
Page 44
... the DHCP server for all of the UTM's default VLAN while being connected through the browser, you will manually configure the network settings of all computers connected to disable the DHCP server. Starting IP Address Ending IP Address Enter the starting address. The UTM automatically calculates the subnet mask based on your browser to reconnect to the new IP address and log in different subnets. Any new DHCP client joining the LAN is enabled. Subnet...
UTM9S User Manual
Page 100
... UTM). UTM5, UTM9S, UTM10, UTM25, and UTM150: Port 1, Port 2, Port 3, and Port 4 / DMZ Select one, several, or all of an IP address. UTM50: Port 1, Port 2, Port 3, Port 4, Port 5, and Port 6 / DMZ Note: A port that you now need to open a new connection to the web management interface. The subnet mask specifies the network number portion of your browser to reconnect to the new IP address and log in the following table: Table 21. DHCP Disable DHCP Server If another device on the IP address...
UTM9S User Manual
Page 102
.... Enable Inter VLAN Routing This setting is optional. Click Apply to provide Lightweight Directory Access Protocol (LDAP) server information, select the Enable LDAP information check box. ProSecure Unified Threat Management (UTM) Appliance Table 21. Enter the following settings. To ensure that specify the location in the directory tree from other VLANs is disabled by commas. Note: The LDAP settings that you would enter: cn=Johnson,dc=Netgear,dc=net The port number...
UTM9S User Manual
Page 123
... the system (see Add Customized Services on the traffic's category of Service Profiles on your network. Table 26. Number of supported firewall rule configurations Traffic rule LAN WAN DMZ WAN LAN DMZ Total Rules Maximum number of Maximum number of Maximum number of Service (QoS) priorities. Each service has its own native priority that would otherwise be added to block the use of certain Internet services by the firewall. Enable only those ports that are based on page 152). • Quality of outbound rules inbound rules supported rules 300 300 600...
UTM9S User Manual
Page 262
Manage IKE Policies The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN gateways and provides automatic management of the keys that you selected as the new VPN connection name. It is used to use the IKE negotiation protocol. • A manually generated VPN policy (manual policy) cannot use the VPN Wizard to the remote VPN gateway, then a VPN tunnel cannot be established. 2. If negotiations fail, the next matching IKE policy is...
UTM9S User Manual
Page 270
..., it refuses the connection. For gateways to use of certificates for each certificate, there is used . (In this situation, the order of the IKE (Internet Key Exchange) Protocol to manually enter all settings (including the keys) for the VPN tunnel on the UTM and on page 381). However, if you to add additional policies-either Auto or Manual-and to encrypt data intended for VPN Connections on the remote VPN endpoint. The...
UTM9S User Manual
Page 294
... mode from the drop-down list. PFS and Group Select the PFS check box, and then select the DH2 (1024) key group from the drop-down list. Click Global Parameters in the left the Local Subnet Mask field blank, enter the UTM's default IP subnet mask. Configure the Mode Config Global Parameters To specify the global parameters: 1. ProSecure Unified Threat Management (UTM) Appliance Table 73. VPN client IPSec configuration settings (Mode Config) (continued) Setting...
UTM9S User Manual
Page 399
... the Internet through a WAN interface is granted (see Set User Login Policies on page 365), the UTM's web management interface is accessible to anyone who knows its IP address and default password. This is enabled and administrative access through a Secure Sockets Layer (SSL) VPN connection. Disable HTTPS remote management. ProSecure Unified Threat Management (UTM) Appliance Note: For enhanced security, restrict access to as few external IP addresses as practical. • Deny or allow login access from any of these policy settings work well for remote management: 1. Network...
UTM9S User Manual
Page 433
...; DMZ to LAN • WAN to DMZ • VLAN to VLAN Other Event Logs Source MAC Filter Select this check box to display the graphics. In addition, the screen displays statistics for the six supported protocols (HTTP, HTTPS, FTP, SMTP, POP3, and IMAP). Monitoring System Access and Performance 433 Session Limit Select this check box to save your settings. Monitor Real-Time Traffic, Security, and Statistics The Dashboard screen lets you cannot configure...
UTM9S User Manual
Page 491
.... • A time-out occurs. Troubleshoot the ISP Connection on page 499. Go to Problems with the LAN connection. Go to Use Online Support on page 494. • I cannot access the UTM's web management interface. Go to clear the configuration and start over again. Go to Restore the Default Configuration and Password on page 494. • I want to Basic Functioning on page 499. • I connected the UTM correctly? Troubleshooting and Using Online Support 12 This...
UTM9S User Manual
Page 493
... UTM's WAN ports to one or two devices that the Ethernet cable connections are supplied with the devices. This sets the UTM's IP address to factory default settings. These autogenerated addresses are in the previous section (LAN or WAN Port LEDs Not On). • Make sure that are secure at the UTM and at the ARP packets to the factory default settings and lose your configuration settings, you can reboot the UTM and use the cables that your PC's address should contact NETGEAR technical support...
UTM9S User Manual
Page 494
... the UTM, see Manually Configure the Internet Connection on page 71. • If the computer is configured correctly, check your Internet connection (for example, your browser has Java, JavaScript, or ActiveX enabled. If the UTM does not save changes you have made in the previous section (Troubleshoot the Web Management Interface on the LAN work correctly. The changes might be causing this information. When You Enter a URL or IP Address, a Time-Out Error Occurs A number of...
UTM9S User Manual
Page 615
... (web management interface) 41 C CA (certification authority) 214, 270 cache control, SSL VPN 309, 327 card, service registration 20 Carrier Sense Multiple Access (CSMA), radio 550 categories, web content 58 Category 5 cable 558 Certificate Revocation List (CRL) 382, 388 certificate signing request (CSR) 384 certificates authentication 210 commercial CAs 214, 381 CRL 382, 388 CSR 384 615 ProSecure Unified Threat Management (UTM) Appliance IPS categories 173 audio and video files email filtering 185 FTP filtering...
UTM9S User Manual
Page 618
... setting access exceptions 226 file names, blocking 186 filtering reports 474 firewall attack checks 146 bandwidth profiles 160-163 connecting to 405 service licenses, automatic retrieval 64 failover attempts, configuring number of 80, 517 failover protection. See outbound rules. See XAUTH. See DHCP. protocols 178 real-time blacklist 189 reports 479 security settings, using the Setup Wizard 59 SMTP server 59 emails blocking, types of precedence 130 See also inbound rules. See auto-rollover mode. See inbound rules. See also outbound rules. firmware upgrade...
UTM9S User Manual
Page 622
... (Network Access Server) 280 NAT (Network Address Translation) configuring the mode 77, 513 description 18 features of 17 firewall, use with 121 mapping, one-to-one -time passcode (OTP) 578-580 online documentation 501 support 499 online games, DMZ port 112 online upgrade, firmware 407 open system (no wireless security) 540 622 newsgroups 200 ng modes, wireless 532 NT Domain 312, 344, 356 NTP (Network Time Protocol) servers, settings 50, 413 troubleshooting 499 O objects, embedded 204 offline upgrade, firmware...
UTM9S User Manual
Page 624
... bandwidth 160-163 QoS 158 VLANs 95-102 wireless security 536, 538-542 ProSafe VPN Client software, license 14 ProSecure DC Agent software 371 ProSecure forum and community 2 protection from common attacks 146 protection mode, radio 551 protocol binding, configuring 83-84, 519-520 protocols compatibilities 601 emails 178 RIP 18 service numbers 152 setting access exceptions 226 supported 14 traffic volume by protocol 421 web 194 proxies for HTTPS scanning 209 proxy servers...
UTM9S User Manual
Page 627
... testing connectivity and HTTP scanning 62 wireless connectivity 554 time settings 50, 413 troubleshooting settings 499 time-out error, troubleshooting 494 L2TP users 304 PPTP users 301 sessions 151 timer, wireless access point 544 tips, firewall and content filtering 122 TKIP (Temporal Key Integrity Protocol) 535, 541 TLS (Transport Layer Security) 313, 357 tools blocked applications, recent 5 and top 5 437 blocking 53, 197 logs 425, 460-463 traffic statistics 435 ToS (Type of Service) inbound rules, QoS profile 129 outbound rules, QoS profile 125 QoS profile settings...
UTM9S User Manual
Page 628
... default 39 ReadyNAS server 416 user policies, precedence 336 user portal 321 User Portal Login link 346 user types 362 users active VPN users 451 administrative (admin) login 345 settings 397 anonymous 225, 362, 417 assigned groups 364 authenticated 224, 362 logging out 348 login policies, configuring 365-368 login time-out 369 passwords, changing 369 searching adding exception 225 adding to custom group 230 logging out 379 special privileges 346 unauthenticated 225, 362, 417 user accounts 362 user types 364, 370 web access...