User Manual
Contents

ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual ... 1
Contents ... 7
About This Manual ... 17
  Conventions, Formats, and Scope ... 17
  How to Print This Manual ... 18
  Revision History ... 18

Chapter 1 Introduction ... 19
  What Is the ProSecure Unified Threat Management Appliance UTM10 or UTM25? ... 19
  Key Features and Capabilities ... 20
  Dual WAN Ports for Increased Reliability or Outbound Load Balancing (UTM25 Only) ... 21
  Advanced VPN Support for Both IPsec and SSL ... 21
  A Powerful, True Firewall ... 22
  Stream Scanning for Content Filtering ... 22
  Security Features ... 23
  Autosensing Ethernet Connections with Auto Uplink ... 23
  Extensive Protocol Support ... 24
  Easy Installation and Management ... 24
  Maintenance and Support ... 25
  Service Registration Card with License Keys ... 26
  Package Contents ... 27
  Hardware Features ... 27
  Front Panel ... 27
  Rear Panel ... 30
  Bottom Panel With Product Label ... 30
  Choosing a Location for the UTM ... 32
  Using the Rack-Mounting Kit ... 32

Chapter 2 Using the Setup Wizard to Provision the UTM in Your Network ... 33
  Understanding the Steps for Initial Connection ... 33
  Qualified Web Browsers ... 34
  Logging In to the UTM ... 34
  Understanding the Web Management Interface Menu Layout ... 37
  Using the Setup Wizard to Perform the Initial Configuration ... 39
  Setup Wizard Step 1 of 10: LAN Settings ... 40
  Setup Wizard Step 2 of 10: WAN Settings ... 43
  Setup Wizard Step 3 of 10: System Date and Time ... 46
  Setup Wizard Step 4 of 10: Security Services ... 48
  Setup Wizard Step 5 of 10: Email Security ... 50
  Setup Wizard Step 6 of 10: Web Security ... 51
  Setup Wizard Step 7 of 10: Web Categories to Be Blocked ... 53
  Setup Wizard Step 8 of 10: Administrator Email Notification Settings ... 55
  Setup Wizard Step 9 of 10: Security Subscription Update Settings ... 56
  Setup Wizard Step 10 of 10: Saving the Configuration ... 58
  Verifying Proper Installation ... 58
  Testing Connectivity ... 58
  Testing HTTP Scanning ... 58
  Registering the UTM with NETGEAR ... 59
  What to Do Next ... 61

Chapter 3 Manually Configuring Internet and WAN Settings ... 63
  Understanding the Internet and WAN Configuration Tasks ... 63
  Configuring the Internet Connections ... 64
  Automatically Detecting and Connecting ... 64
  Setting the UTM's MAC Address ... 67
  Manually Configuring the Internet Connection ... 67
  Configuring the WAN Mode (Required for the UTM25's Dual WAN Mode) ... 71
  Network Address Translation (UTM10 and UTM25) ... 72
  Classical Routing (UTM10 and UTM25) ... 72
  Configuring Auto-Rollover Mode (UTM25 Only) ... 73
  Configuring Load Balancing and Optional Protocol Binding (UTM25 Only) ... 76
  Configuring Secondary WAN Addresses ... 79
  Configuring Dynamic DNS ... 81
  Configuring Advanced WAN Options ... 84
  Additional WAN-Related Configuration Tasks ... 86

Chapter 4 LAN Configuration ... 87
  Managing Virtual LANs and DHCP Options ... 87
  Managing the UTM's Port-Based VLANs ... 88
  VLAN DHCP Options ... 90
  DHCP Server ... 90
  DHCP Relay ... 91
  DNS Proxy ... 91
  LDAP Server ... 92
  Configuring a VLAN Profile ... 92
  Configuring Multi-Home LAN IPs on the Default VLAN ... 97
  Managing Groups and Hosts (LAN Groups) ... 98
  Managing the Network Database ... 99
  Adding PCs or Devices to the Network Database ... 101
  Editing PCs or Devices in the Network Database ... 102
  Changing Group Names in the Network Database ... 102
  Setting Up Address Reservation ... 103
  Configuring and Enabling the DMZ Port ... 104
  Managing Routing ... 108
  Configuring Static Routes ... 109
  Configuring Routing Information Protocol (RIP) ... 110
  Static Route Example ... 113

Chapter 5 Firewall Protection ... 115
  About Firewall Protection ... 115
  Administrator Tips ... 116
  Using Rules to Block or Allow Specific Kinds of Traffic ... 117
  Services-Based Rules ... 117
  Outbound Rules (Service Blocking) ... 118
  Inbound Rules (Port Forwarding) ... 120
  Order of Precedence for Rules ... 124
  Setting LAN WAN Rules ... 125
  LAN WAN Outbound Services Rules ... 126
  LAN WAN Inbound Services Rules ... 127
  Setting DMZ WAN Rules ... 128
  DMZ WAN Outbound Services Rules ... 130
  DMZ WAN Inbound Services Rules ... 131
  Setting LAN DMZ Rules ... 132
  LAN DMZ Outbound Services Rules ... 133
  LAN DMZ Inbound Services Rules ... 134
  Attack Checks ... 134
  Setting Session Limits ... 137
  Managing the Application Level Gateway for SIP Sessions ... 138
  Inbound Rules Examples ... 139
  LAN WAN Inbound Rule: Hosting A Local Public Web Server ... 139
  LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses ... 140
  LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT Mapping ... 140
  LAN WAN or DMZ WAN Inbound Rule: Specifying an Exposed Host ... 142
  Outbound Rules Example ... 143
  LAN WAN Outbound Rule: Blocking Instant Messenger ... 143
  Creating Services, QoS Profiles, and Bandwidth Profiles ... 144
  Adding Customized Services ... 144
  Creating Quality of Service (QoS) Profiles ... 147
  Creating Bandwidth Profiles ... 150
  Setting a Schedule to Block or Allow Specific Traffic ... 153
  Enabling Source MAC Filtering ... 154
  Setting up IP/MAC Bindings ... 156
  Configuring Port Triggering ... 158
  Using the Intrusion Prevention System ... 161

Chapter 6 Content Filtering and Optimizing Scans ... 165
  About Content Filtering and Scans ... 165
  Default E-mail and Web Scan Settings ... 166
  Configuring E-mail Protection ... 167
  Customizing E-mail Protocol Scan Settings ... 168
  Customizing E-mail Anti-Virus and Notification Settings ... 169
  E-mail Content Filtering ... 172
  Protecting Against E-mail Spam ... 175
  Setting Up the Whitelist and Blacklist ... 176
  Configuring the Real-time Blacklist ... 178
    Note (from page 179): By default, the UTM comes with three pre-defined blacklist providers: Dsbl, Spamhaus, and Spamcop. There is no limit to the number of blacklist providers that you can add to the RBL sources.
  Configuring Distributed Spam Analysis ... 180
  Configuring Web and Services Protection ... 183
  Customizing Web Protocol Scan Settings and Services ... 183
  Configuring Web Malware Scans ... 185
  Configuring Web Content Filtering ... 187
  Configuring Web URL Filtering ... 194
  HTTPS Scan Settings ... 198
  Specifying Trusted Hosts ... 201
  Configuring FTP Scans ... 203
  Setting Web Access Exceptions and Scanning Exclusions ... 205
  Setting Web Access Exception Rules ... 205
  Setting Scanning Exclusions ... 208

Chapter 7 Virtual Private Networking Using IPsec Connections ... 211
  Considerations for Dual WAN Port Systems (UTM25 Only) ... 211
  Using the IPsec VPN Wizard for Client and Gateway Configurations ... 213
  Creating Gateway-to-Gateway VPN Tunnels with the Wizard ... 213
  Creating a Client to Gateway VPN Tunnel ... 218
  Using the VPN Wizard to Configure the Gateway for a Client Tunnel ... 218
  Using the NETGEAR VPN Client Security Policy Editor to Create a Secure Connection ... 221
  Testing the Connections and Viewing Status Information ... 226
  Testing the VPN Connection ... 226
  NETGEAR VPN Client Status and Log Information ... 227
  Viewing the UTM IPsec VPN Connection Status ... 229
  Viewing the UTM IPsec VPN Log ... 230
  Managing IPsec VPN Policies ... 231
  Managing IKE Policies ... 232
  The IKE Policies Screen ... 232
  Manually Adding or Editing an IKE Policy ... 234
  Managing VPN Policies ... 240
  The VPN Policies Screen ... 240
  Manually Adding or Editing a VPN Policy ... 242
  Configuring Extended Authentication (XAUTH) ... 247
  Configuring XAUTH for VPN Clients ... 248
  User Database Configuration ... 249
  RADIUS Client Configuration ... 249
  Assigning IP Addresses to Remote Users (Mode Config) ... 252
  Mode Config Operation ... 252
  Configuring Mode Config Operation on the UTM ... 252
  Configuring the ProSafe VPN Client for Mode Config Operation ... 259
  Testing the Mode Config Connection ... 264
  Configuring Keepalives and Dead Peer Detection ... 264
  Configuring Keepalives ... 265
  Configuring Dead Peer Connection ... 266
  Configuring NetBIOS Bridging with IPsec VPN ... 268

Chapter 8 Virtual Private Networking Using SSL Connections ... 269
  Understanding the SSL VPN Portal Options ... 269
  Using the SSL VPN Wizard for Client Configurations ... 270
  SSL VPN Wizard Step 1 of 6: Portal Settings ... 271
  SSL VPN Wizard Step 2 of 6: Domain Settings ... 273
  SSL VPN Wizard Step 3 of 6: User Settings ... 275
  SSL VPN Wizard Step 4 of 6: Client IP Address Range and Routes ... 277
  SSL VPN Wizard Step 5 of 6: Port Forwarding ... 279
  SSL VPN Wizard Step 6 of 6: Verify and Save Your Settings ... 281
  Accessing the New SSL Portal Login Screen ... 282
  Viewing the UTM SSL VPN Connection Status ... 284
  Viewing the UTM SSL VPN Log ... 284
  Manually Configuring and Editing SSL Connections ... 285
  Creating the Portal Layout ... 286
  Configuring Domains, Groups, and Users ... 290
  Configuring Applications for Port Forwarding ... 290
  Adding Servers and Port Numbers ... 291
  Adding A New Host Name ... 292
  Configuring the SSL VPN Client ... 293
  Configuring the Client IP Address Range ... 294
  Adding Routes for VPN Tunnel Clients ... 295
  Using Network Resource Objects to Simplify Policies ... 296
  Adding New Network Resources ... 297
  Editing Network Resources to Specify Addresses ... 298
  Configuring User, Group, and Global Policies ... 299
  Viewing Policies ... 300
  Adding a Policy ... 301

Chapter 9 Managing Users, Authentication, and Certificates ... 307
  Configuring VPN Authentication Domains, Groups, and Users ... 307
  Configuring Domains ... 308
  Configuring Groups for VPN Policies ... 312
  Creating and Deleting Groups ... 313
  Editing Groups ... 314
  Configuring User Accounts ... 315
  Setting User Login Policies ... 318
  Configuring Login Policies ... 318
  Configuring Login Restrictions Based on IP Address ... 319
  Configuring Login Restrictions Based on Web Browser ... 320
  Changing Passwords and Other User Settings ... 322
  Managing Digital Certificates ... 323
  Managing CA Certificates ... 325
  Managing Self Certificates ... 326
  Generating a CSR and Obtaining a Self Certificate from a CA ... 327
  Viewing and Managing Self Certificates ... 331
  Managing the Certificate Revocation List ... 331

Chapter 10 Network and System Management ... 333
  Performance Management ... 333
  Bandwidth Capacity ... 333
  Features That Reduce Traffic ... 334
  LAN WAN Outbound Rules and DMZ WAN Outbound Rules (Service Blocking) ... 334
  Content Filtering ... 336
  Source MAC Filtering ... 337
  Features That Increase Traffic ... 337
  LAN WAN Inbound Rules and DMZ WAN Inbound Rules (Port Forwarding) ... 337
  Port Triggering ... 339
  Configuring the DMZ Port ... 339
    Note (from page 340): For information on how to enable the DMZ port, see "Configuring and Enabling the DMZ Port" on page 4-18. For the procedures on how to configure DMZ traffic rules, see "Setting DMZ WAN Rules" on page 5-14.
  Configuring Exposed Hosts ... 340
  Configuring VPN Tunnels ... 340
  Using QoS and Bandwidth Assignment to Shift the Traffic Mix ... 340
  Assigning QoS Profiles ... 340
  Monitoring Tools for Traffic Management ... 341
  System Management ... 341
  Changing Passwords and Administrator Settings ... 341
  Configuring Remote Management Access ... 344
  Using an SNMP Manager ... 346
  Managing the Configuration File ... 347
  Backup Settings ... 348
  Restore Settings ... 349
  Reverting to Factory Default Settings ... 350
  Updating the Firmware ... 350
  Viewing the Available Firmware Versions ... 351
  Upgrading the Firmware and Rebooting the UTM ... 352
  Rebooting Without Changing the Firmware ... 353
  Updating the Scan Signatures and Scan Engine Firmware ... 353
  Configuring Automatic Update and Frequency Settings ... 355
  Configuring Date and Time Service ... 356

Chapter 11 Monitoring System Access and Performance ... 359
  Enabling the WAN Traffic Meter ... 359
  Configuring Logging, Alerts, and Event Notifications ... 363
  Configuring the E-mail Notification Server ... 363
  Configuring and Activating System, E-mail, and Syslog Logs ... 364
  Configuring and Activating Update Failure and Attack Alerts ... 368
  Configuring and Activating Firewall Logs ... 371
  Monitoring Real-Time Traffic, Security, and Statistics ... 372
  Viewing Status Screens ... 378
  Viewing System Status ... 378
  Viewing Active VPN Users ... 382
  Viewing VPN Tunnel Connection Status ... 382
  Viewing Port Triggering Status ... 384
  Viewing the WAN Ports Status ... 385
  Viewing Attached Devices and the DHCP Log ... 387
  Viewing Attached Devices ... 387
  Viewing the DHCP Log ... 389
  Querying Logs and Generating Reports ... 390
  Querying the Logs ... 390
  Example: Using Logs to Identify Infected Clients ... 396
  Log Management ... 396
  Scheduling and Generating Reports ... 397
  Generating Reports ... 398
  Scheduling Reports ... 400
  Using Diagnostics Utilities ... 401
  Using the Network Diagnostic Tools ... 402
  Sending a Ping Packet ... 402
  Tracing a Route ... 403
  Displaying the Routing Table ... 403
  Looking up a DNS Address ... 403
  Using the Realtime Traffic Diagnostics Tool ... 404
  Gathering Important Log Information and Generating a Network Statistics Report ... 405
  Gathering Important Log Information ... 405
  Rebooting and Shutting Down the UTM ... 406

Chapter 12 Troubleshooting and Using Online Support ... 407
  Basic Functioning ... 408
  Power LED Not On ... 408
  Test LED Never Turns Off ... 408
  LAN or WAN Port LEDs Not On ... 409
  Troubleshooting the Web Management Interface ... 409
  When You Enter a URL or IP Address a Time-out Error Occurs ... 410
  Troubleshooting the ISP Connection ... 411
  Troubleshooting a TCP/IP Network Using a Ping Utility ... 412
  Testing the LAN Path to Your UTM ... 413
  Testing the Path from Your PC to a Remote Device ... 413
  Restoring the Default Configuration and Password ... 414
  Problems with Date and Time ... 415
  Using Online Support ... 416
  Enabling Remote Troubleshooting ... 416
  Sending Suspicious Files to NETGEAR for Analysis ... 417
  Accessing the Knowledge Base and Documentation ... 418

Appendix A Default Settings and Technical Specifications ... 419

Appendix B Network Planning for Dual WAN Ports (UTM25 Only) ... 423
  What to Consider Before You Begin ... 423
  Cabling and Computer Hardware Requirements ... 425
  Computer Network Configuration Requirements ... 425
  Internet Configuration Requirements ... 425
  Where Do I Get The Internet Configuration Information? ... 426
  Internet Connection Information ... 426
  Overview of the Planning Process ... 427
  Inbound Traffic ... 429
  Inbound Traffic to a Single WAN Port System ... 429
  Inbound Traffic to a Dual WAN Port System ... 430
  Inbound Traffic: Dual WAN Ports for Improved Reliability ... 430
  Inbound Traffic: Dual WAN Ports for Load Balancing ... 430
  Virtual Private Networks (VPNs) ... 431
  VPN Road Warrior (Client-to-Gateway) ... 433
  VPN Road Warrior: Single Gateway WAN Port (Reference Case) ... 433
  VPN Road Warrior: Dual Gateway WAN Ports for Improved Reliability ... 433
  VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing ... 435
  VPN Gateway-to-Gateway ... 435
  VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case) ... 435
  VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability ... 436
  VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing ... 437
  VPN Telecommuter (Client-to-Gateway Through a NAT Router) ... 438
  VPN Telecommuter: Single Gateway WAN Port (Reference Case) ... 438
  VPN Telecommuter: Dual Gateway WAN Ports for Improved Reliability ... 439
  VPN Telecommuter: Dual Gateway WAN Ports for Load Balancing ... 440

Appendix C System Logs and Error Messages ... 441
  System Log Messages ... 442
  System Startup ... 442
  Reboot ... 442
  Service Logs ... 443
  NTP ... 443
  Login/Logout ... 444
  Firewall Restart ... 444
  IPsec Restart ... 444
  WAN Status ... 445
  Auto-Rollover Mode ... 445
  Load-Balancing Mode ... 446
  PPP Logs ... 447
  Traffic Metering Logs ... 449
  Unicast Logs ... 449
  ICMP Redirect Logs ... 449
  Multicast/Broadcast Logs ... 450
  Invalid Packet Logging ... 450
  Content Filtering and Security Logs ... 452
  Web Filtering and Content Filtering Logs ... 452
  Spam Logs ... 453
  Traffic Logs ... 454
  Virus Logs ... 454
  E-mail Filter Logs ... 454
  IPS Logs ... 455
  Port Scan Logs ... 455
  Instant Messaging/Peer-to-Peer Logs ... 455
  Routing Logs ... 456
  LAN to WAN Logs ... 456
  LAN to DMZ Logs ... 456
  DMZ to WAN Logs ... 456
  WAN to LAN Logs ... 457
  DMZ to LAN Logs ... 457
  WAN to DMZ Logs ... 457

Appendix D Two Factor Authentication ... 459
  Why do I need Two-Factor Authentication? ... 459
  What are the benefits of Two-Factor Authentication? ... 459
  What is Two-Factor Authentication? ... 460
  NETGEAR Two-Factor Authentication Solutions ... 460

Appendix E Related Documents ... 463

Index ... 465

Size: 6.28 MB
Pages: 480
Language: English