Netgear UTM25EW-100NAS ユーザーズマニュアル
ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
Content Filtering and Optimizing Scans
6-37
v1.0, September 2009
4. Click Apply to save your settings.
Specifying Trusted Hosts
You can specify trusted hosts for which the UTM bypasses HTTPS traffic scanning and security
certificate authentication. The security certificate is sent directly to the client for authentication,
which means that the user does not receive a security alert for trusted hosts. For more information
about security alerts, see
certificate authentication. The security certificate is sent directly to the client for authentication,
which means that the user does not receive a security alert for trusted hosts. For more information
about security alerts, see
.
Note that certain sites contain elements from different HTTPS hosts. As an example, assume that
the https://example.com site contains HTTPS elements from the following three hosts:
the https://example.com site contains HTTPS elements from the following three hosts:
•
trustedhostserver1.example.com
•
trustedhostserver2.example.com
•
imageserver.example.com
Table 6-10. HTTPS Settings
Setting
Description (or Subfield and Description)
HTTP Tunneling
Select this checkbox to allow scanning of HTTPS connections through an HTTP proxy, which is
disabled by default. Traffic from trusted hosts is not scanned (see
disabled by default. Traffic from trusted hosts is not scanned (see
Note: For HTTPS scanning to occur properly, you must add the HTTP proxy server port in the Ports to
Scan field for the HTTPS service on the Services screen (see
Scan field for the HTTPS service on the Services screen (see
).
HTTPS 3rd Party Website Certificate Handling
Select the Allow the UTM to present the website to the client checkbox to allow a Secure Sockets
Layer (SSL) connection with a valid certificate that is not signed by a trusted certificate authority (CA).
The default setting is to block such as a connection.
Layer (SSL) connection with a valid certificate that is not signed by a trusted certificate authority (CA).
The default setting is to block such as a connection.
Show This Message When an SSL Connection Attempt Fails
By default, a rejected SSL connection is replaced with the following text, which you can customize:
“The SSL connection to %URL% cannot be established because of %REASON%.”
Note: Make sure that you keep the %URL% and %REASON% meta words in a message to enable the
UTM to insert the proper URL information and the reason of the rejection.
“The SSL connection to %URL% cannot be established because of %REASON%.”
Note: Make sure that you keep the %URL% and %REASON% meta words in a message to enable the
UTM to insert the proper URL information and the reason of the rejection.
Note: For information about certificates that are used for SSL connections and HTTPS
traffic, see
.