Netgear UTM50-100NAS User Manual
ProSecure Unified Threat Management (UTM) Appliance Reference Manual
Content Filtering and Optimizing Scans
6-37
v1.0, January 2010
4. Click Apply to save your settings.
Specifying Trusted Hosts
You can specify trusted hosts for which the UTM bypasses HTTPS traffic scanning and security
certificate authentication. The security certificate is sent directly to the client for authentication,
which means that the user does not receive a security alert for trusted hosts. For more information
about security alerts, see
certificate authentication. The security certificate is sent directly to the client for authentication,
which means that the user does not receive a security alert for trusted hosts. For more information
about security alerts, see
.
Table 6-10. HTTPS Settings
Setting
Description (or Subfield and Description)
HTTP Tunneling
Select this checkbox to allow scanning of HTTPS connections through an HTTP proxy, which is
disabled by default. Traffic from trusted hosts is not scanned (see
disabled by default. Traffic from trusted hosts is not scanned (see
Note: For HTTPS scanning to occur properly, you must add the HTTP proxy server port in the Ports to
Scan field for the HTTPS service on the Services screen (see
Scan field for the HTTPS service on the Services screen (see
).
HTTPS 3rd Party Website Certificate Handling
Select the Allow the UTM to present the website to the client checkbox to allow a Secure Sockets
Layer (SSL) connection with a valid certificate that is not signed by a trusted certificate authority (CA).
The default setting is to block such as a connection.
Layer (SSL) connection with a valid certificate that is not signed by a trusted certificate authority (CA).
The default setting is to block such as a connection.
HTTPS SSL Settings
Select the Allow the UTM to handle HTTPS connections using SSLv2 checkbox to allow HTTPS
connections using SSLv2, SSLv3, or TLSv1. If this checkbox is deselected, the UTM allows HTTPS
connections using SSLv3 or TLSv1, but not using SSLv2.
connections using SSLv2, SSLv3, or TLSv1. If this checkbox is deselected, the UTM allows HTTPS
connections using SSLv3 or TLSv1, but not using SSLv2.
Show This Message When an SSL Connection Attempt Fails
By default, a rejected SSL connection is replaced with the following text, which you can customize:
“The SSL connection to %URL% cannot be established because of %REASON%.”
Note: Make sure that you keep the %URL% and %REASON% meta words in a message to enable the
UTM to insert the proper URL information and the reason of the rejection.
“The SSL connection to %URL% cannot be established because of %REASON%.”
Note: Make sure that you keep the %URL% and %REASON% meta words in a message to enable the
UTM to insert the proper URL information and the reason of the rejection.
Note: For information about certificates that are used for SSL connections and HTTPS
traffic, see
.