ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134 USA
March 2009
202-10414-02
v1.
Trademarks
NETGEAR and the NETGEAR logo are registered trademarks and ProSecure is a trademark of NETGEAR, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas. When used near a radio or TV receiver, it may become the cause of radio interference.
Contents
About This Manual
  Conventions, Formats, and Scope
  Revision History
Chapter 1 Introduction
  What is the ProSecure Web/Email Security Threat Management Appliance STM150?
  About Stream Scanning
  Testing HTTP Scanning
  What to Do Next
Chapter 3 Performing System Management Tasks
  Modifying System Settings
  Configuring Web Malware Scans
  Configuring Web Content Filtering
  Configuring Web URL Filtering
  HTTPS Scan Settings
About This Manual
The NETGEAR® ProSecure™ Web/Email Security Threat Management Appliance STM150 Reference Manual describes how to configure and troubleshoot a ProSecure Web/Email Security Threat Management Appliance STM150. The information in this manual is intended for readers with intermediate computer and networking skills.
Danger: This is a safety warning. Failure to take heed of this notice may result in personal injury or death.
• Scope.
Chapter 1 Introduction
This chapter provides an overview of the features and capabilities of the ProSecure Web/Email Security Threat Management Appliance STM150. It also identifies the physical features of the appliance and the contents of its package.
About Stream Scanning
Stream scanning is based on the simple observation that network traffic travels in streams. The STM150 scan engine starts receiving and analyzing traffic as the stream enters the network. As soon as a number of bytes are available, scanning commences.
What Can You Do with an STM150?
The STM150 combines robust protection against malware with ease-of-use and advanced reporting and notification features to help you deploy and manage the device with minimal effort.
Service Registration Card with License Key(s)
Be sure to store the license key card that came with your unit in a secure location. You will need these keys to activate your product during the initial setup, and if you ever have to reset the unit back to its factory defaults.
2. Power on test status
3. USB ports
4. Uplink switched N-way automatic speed negotiating auto MDI/MDIX Ethernet port
5. Downlink Ethernet ports. Four switched N-way automatic speed negotiating auto MDI/MDIX Ethernet ports.
Rear Panel Features
The STM150 rear panel functions are described below:
Figure 1-3
1.
Default IP Address, Login Name, and Password Location
Check the label on the bottom of the STM150’s enclosure if you need a reminder of the following factory default information:
• IP Address
• User Name
• Password
Figure 1-4
Choosing a Location for the STM150
The STM150 is suitable for use in an office environment where it can be free-standing or mounted in a standard 19-inch equipment rack.
Using the Rack Mounting Kit
Use the provided mounting kit for the STM150 to install the appliance in a rack. The mounting brackets supplied with the STM150 are usually installed before the unit is shipped out. If the brackets are not yet installed, attach them using the supplied hardware.
Chapter 2 Provisioning Threat Management Services
This chapter describes how to provision the ProSecure Web/Email Security Threat Management Appliance STM150 in your network.
Gateway Deployment
Figure 2-1
In a typical gateway deployment scenario, a single STM150 appliance is installed at the gateway – between the firewall and the LAN core switch – to protect the network against all malware threats entering and leaving the gateway. Installing the STM150 behind the firewall protects it from DoS attacks.
Server Group
Figure 2-2
In a server group deployment, one STM150 appliance is installed at the gateway and another in front of the server group. This type of deployment helps split the network load and provides the mail server with dedicated protection against malware, including email-borne viruses and spam.
Note: This configuration helps protect the mail server from internal as well as external clients.
Segmented LAN Deployment
Figure 2-3
In a segmented LAN deployment, one STM150 appliance is installed in front of each network segment. This type of deployment helps split the network load and protects network segments from malware coming in through the gateway or originating from other segments.
Note: In segmented LAN deployment, VLAN is not supported; VLAN traffic cannot pass through the STM150.
Logging In to the STM150
Follow these steps to log in to the STM150.
1. Use a browser to connect to https://192.168.1.201.
Figure 2-4
Note: The STM150 factory default IP address is 192.168.1.201. If you changed it, you must use the IP address you assigned it.
2. When prompted, enter admin for the User Name and password for the Password.
3. Click Login. The default Monitoring > Security page displays.
Figure 2-6
Note: During the initial setup, the setup wizard displays when you first log in; afterward the login takes you to the system status page.
The Support tab on the main menu contains links to the online NETGEAR STM150 product documentation and support knowledgebase.
Registering the STM150
To receive threat management component updates and technical support, you need to register your STM150 appliance.
Figure 2-7
The registration key (see “Service Registration Card with License Key(s)” on page 1-4) is provided in the product package. If your STM150 is connected to the Internet, you can register it online.
1. Select Support > Registration. The registration page displays.
2.
Use the Setup Wizard to Complete the Configuration
Follow the wizard prompts to configure these settings:
• Network settings - If these were set earlier, skip this page or update these as needed.
• Set the system time (NTP server) and time zone.
• Configure Email Security settings.
• Configure Web Security.
• Specify the Email notification server to receive logs, alerts, and reports.
• Configure update settings.
Email Notification Server
On this wizard page, type the email address that you want to appear in the notification email as sender. For example, you can type 'STM150@mydomain.com'. Enter the SMTP server host name or IP address. The STM150 will send notification emails via this SMTP server.
Testing Connectivity
Do the following to verify that network traffic can pass through the STM150:
• Ping an Internet URL.
• Ping the IP address of a device on either side of the STM150.
Testing HTTP Scanning
If client computers have direct access to the Internet through your LAN, try to download the eicar.com test file from http://www.eicar.org/download/eicar.com
The eicar.
Chapter 3 Performing System Management Tasks
This chapter provides information on other tasks that you can perform after setting up and configuring the STM150.
Figure 3-1
For other devices connected to the STM150 (such as a firewall or a switch), you now have an option to manually change the duplex settings. This feature allows the STM150 to integrate with other devices seamlessly. The default setting is Auto. For example, if the firewall is connected to LAN-1 on the STM150 with the 10M/s connection setting, you may go to the STM150 Web interface and make the changes.
Enabling Session Limits and Timeouts
You enable session limits and timeouts on the Global Settings > Network Setting > Session Limit screen.
Figure 3-2
This page allows you to specify the total number of sessions per user (IP) allowed across the router. Session limiting is disabled by default.
Scanning Exclusions
To enhance system performance, you may add trusted hosts or connections to this list. The STM150 will no longer scan these connections based on the specified hosts or ports.
To enter a scanning exclusion rule
1. On the menu, click Global Settings > Scanning Exclusions.
Figure 3-3
2. Enter the IP address (range) in their respective fields.
Setting the System Time
Setting the correct system time and time zone ensures that the date and time recorded in the STM150 logs are accurate. Changing the time zone requires a reboot to apply the updated settings.
To set the system time
1. On the menu, click Administration > Time Zone.
Figure 3-4
2. You can use either the default NTP server or a custom NTP server.
Specifying the Notification Server
For the STM150 to send out alerts, reports, and logs via email, an SMTP server must be specified on the Global Settings > Email Notification Server page.
Note: If you do not set a notification server, the STM150 will be unable to send email alerts to you. Note that the same SMTP server will also send you logs and reports.
5. In Send notification to, type the email addresses to which you want to send alerts (for example, admin@company.com). You can send alerts to up to 3 recipients; separate each email address with a comma.
6. Click Save Changes.
Customizing Email Alerts
After you set an SMTP server to use for notification, you need to specify the types of alerts that you want the STM150 to send out.
To enable system administrator email alerts
1. On the menu, go to Monitoring > Logs & Reports > Alerts.
Figure 3-6
2. Configure the Enable Update Failed Alerts, Enable License Expiration Alerts, Enable Malware Alerts, or Enable Outbreak Alerts check boxes as you prefer.
• For Malware Alerts, in Message, use the meta tags to specify the information that will be included in the alert message.
Configuring SNMP Settings
Simple Network Management Protocol (SNMP) is an application layer (Layer 7) protocol that is used by network management systems for monitoring the status of network-connected devices. SNMP enables administrators to monitor network performance, identify bottlenecks and plan for network expansion. The STM150 provides support for report aggregation via SNMP version 1.
• In Contact (optional), type the name of the person or department responsible for managing the STM150 appliance.
• In Location (optional), type the physical location of the STM150 appliance.
3. In Trusted SNMP hosts, type the IP addresses of the computers to which you want to grant GET and SET privileges on the STM150.
Backing Up and Restoring Configurations
The STM150 provides backup and restore features to ensure speedy recovery from system errors, or to apply the configuration to an additional STM150 appliance with the same language and management software versions. Access the backup and restore functions at Administration > Settings Backup & Restore. The backup feature saves all the STM150 settings to a file.
To Back Up the STM150 Settings
1. On the menu, click Administration > Settings Backup & Restore. The Backup and Restore page appears.
Figure 3-8
2. For the Save a copy of current settings option, click Backup. A dialog box appears, showing the file name of the backup file (backup.gpg).
3. Click Save file, and then click OK.
4.
Resetting to Factory Defaults
Warning: If you reset the unit, all configuration settings will be lost, the default password will be restored, and you will need to re-register the product license.
You can use the default button on the Backup & Restore Settings page to revert to factory default settings, or you can use the reset button on the back of the unit.
Enabling Remote Management
To enable remote management, go to Administration > Remote Management.
Figure 3-11
Enter the port number you wish to use. You may enter port 443 or a port ranging from 1024 to 65535. Some ports that may be used by the system (such as 2080, 8081...) cannot be used here. Click Apply. Click Reset to reset the port to the default value (443).
Administering Software Updates
The STM150 has four main components – pattern file, scan engine, OS, and software. To ensure up-to-date protection against malware, perform updates regularly.
To configure scheduled updates
1. On the menu, go to Administration > Software Update.
2. In Update From, select an update source. The default update source is the NETGEAR update server.
Applying a Software Update that Requires a Reboot
If a downloaded update requires a reboot, you will be prompted to perform the update upon login to the system.
Figure 3-13
The update notice will provide information about the update, allow you to install it now or install it later, and warn you if the update will reboot the system.
Administering Admin Login Timeouts and Passwords
The STM150 specifies one Administrator account (Admin) and one guest account. You can use this section to change the user name or password for either account, and adjust the admin login time setting.
Figure 3-14
To edit the Admin User Name, from the main menu, click Administration > Set Password.
1. Select Edit Admin Settings.
2.
3. Enter the new password under the New Password field.
4. To confirm, enter the new password again under the Retype New Password field.
5. Click Apply.
To edit the Guest User Name, from the main menu, click Administration > Set Password.
1. Select Edit Guest Settings.
2. Under Guest Settings, type the new user name under the New User Name field.
3.
Chapter 4 Customizing Scans
This chapter provides information on how to optimize the ProSecure Web/Email Security Threat Management Appliance STM150 scan settings.
Customizing Email Scanning Settings
The Email Security pages allow you to enable and disable scanning of supported network services (protocols), set the scan actions, and configure the maximum file size to scan.
Figure 4-1
In the Email Security > Anti-Virus > Action page, set an action that you want the STM150 to perform when it detects a threat. The STM150 can block and delete infected emails or attachments.
End User Email Notification Settings
To configure the notification options for email scan, go to Email Security > Anti-Virus > Notification Settings on the menu.
Figure 4-2
The following options are available on the Notification Settings page.
Insert Warning into Email Subject Line (SMTP)
You may insert a tag at the beginning of the email subject line as notification. The tag is customizable, for example, [Malware Infected].
Select the Insert Warning into Email Subject SMTP check box, and then type a message for Malware found and No malware found. The default messages are:
• Malware found: [Malware Infected]
• No malware found: [Malware Free]
Append Safe Stamp (SMTP & POP3)
When there is no malware detected in the mail, you have an option to append a safe stamp at the end of a message.
Email Content Filtering
The STM150 provides several options for filtering unwanted content in the email. You can filter mails based on keywords in the subject, file type, and file name. You can also set an action to perform on emails with password-protected attachments.
Figure 4-3
Filter by Subject Keywords
Enter the keywords to filter when they appear in the email subject line. Use commas to separate different keywords. Then select the actions for SMTP and POP3 protocols. Available filtering actions include:
• Block email & log.
• Log (default).
For IMAP and POP3, select either Block attachment & log or No Log.
Protecting Against Email Spam
The STM150 integrates multiple anti-spam technologies to provide comprehensive protection against unwanted mail. You can enable all or a combination of these anti-spam technologies. The STM150 implements these spam prevention technologies in the following order:
1. Whitelist.
2. Blacklist.
3. Real-time blacklist.
4.
To define the sender whitelist
On the menu, go to Email Security > Anti-Spam > Whitelist and Blacklist.
Figure 4-4
1. Under the Whitelist column, enter the IP address (or IP address range), domain name, or email address that you want to set as a trusted source.
Note: Whitelist URL entries are case sensitive.
Here are some examples:
• IP address/IP address range: 10.1.1.5 or 10.1.2.3-35
• Domain name: netgear.
To define the recipient whitelist
On the menu, go to Email Security > Anti-Spam > Whitelist and Blacklist.
1. Under the Whitelist column, enter the domain name or email address that you want to set as a trusted source.
2. Click Apply.
To define the blacklist
1. Under the Blacklist column, enter the IP address (or IP address range), domain name, or email address that you want to set as a blocked source. Click Apply.
To add a new provider
1. In the Add Real-time Blacklist section, type the name of the provider under the Provider column.
2. Under RBL Domain Suffix, type the domain name from which the STM150 will retrieve the real-time blacklist.
3. Click Add. The message Configuration saved appears.
To delete a provider
1. Select the Active check box for the provider that you want to delete.
2.
If tag spam email is selected, the STM150 will append a spam tag (customizable) to the mail subject.
Figure 4-6
Note: For the spam analysis to function correctly, the STM150 must be connected to the Internet.
To configure distributed spam analysis
1. On the main menu, go to Email Security > Anti-Spam > Distributed Spam Analysis.
2. In the Distributed Spam Analysis section, check the SMTP and POP3 boxes.
Customizing Web Scanning Settings
The STM150 also scans Web or HTTP traffic for malicious content and performs the specified action, including Delete File, Clean, Audit or Streaming.
Figure 4-7
To configure Web security, go to Web Security > Policy to select which protocols to scan.
Note: Scanning all protocols enhances network security, but it may affect the performance of the STM150.
Configuring Web Malware Scans
If you enabled HTTP or HTTPS scan in Web Security > Policy, you can specify what type of action to take against detected malware.
Figure 4-8
Define the action (Delete file, Log only) and check the Streaming box for each protocol for which you wish to enable streaming. In Scan Exception, set the maximum file size that the STM150 will scan. The STM150 can scan files up to 25,600KB (25MB) in size.
To replace the original page with warning text, check the Replace Page with Warning Text: checkbox. Customize the warning text. If you wish to present the warning page in HTML format instead of plain text, check the HTML Format checkbox. If you wish to preview the warning page in HTML format, click Preview. Click Reset to reset the page to its default settings (Action: Delete file, Streaming: off, Scan Exception value: 8,192KB).
• Record HTTP traffic log: If you wish to log all scanned HTTP traffic, check the Record HTTP Traffic Log box. Keep in mind that this will slow down performance.
• Block Files with the Following Extensions: Select the Block Files with the Following Extensions checkbox. In the box below the Block Files with the Following Extensions check box, enter the file extensions (without the period) that you want to block.
blocked URL and which category it was in. You can preview the warning page by pressing Preview. The maximum size for the warning text message is 3 Kilobytes.
Figure 4-10
• When the STM150 blocks access to a link of a certain blocked web category, it will display an HTML warning message.
Configuring Web URL Filtering
To configure Web filtering, go to Web Security > HTTP and HTTPS > URL Filtering.
Figure 4-11
White List
Select the Enable check box if you want the STM150 to bypass the scanning of a URL listed here. If a URL is in both the white list and black list, then the white list will take precedence and files from the URL will not be scanned. You can enter a maximum of 200 entries to the white list.
In addition to manually entering URLs one at a time, you may import and export the list. Note that the file to be imported must be in .txt format and must be line delimited (one URL per line). Use Notepad or any other text viewer to open the imported file. Click export and save the exported file to your PC. To import a list, click Browse..., select the file you wish to import, then click the Open button.
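Added example (not part of the NETGEAR manual): a pre-import check for URL list files, built on the constraints stated above, namely a line-delimited .txt file, at most 200 white list entries, and white list precedence over the black list. The function names and the sample entries are assumptions made for illustration; the manual does not specify the entry syntax the STM150 accepts, so entries are compared as exact strings.

```python
"""Pre-import check for STM150 URL filter lists (added example)."""

MAX_WHITELIST_ENTRIES = 200  # white list limit stated in the manual


def parse_url_list(text):
    """Parse a line-delimited URL list.

    Returns (entries, problems): entries is the list of usable entries in
    file order with duplicates dropped; problems is a list of
    (line_number, message) tuples describing lines that need fixing.
    """
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            problems.append((lineno, "blank line"))
            continue
        if any(ch.isspace() for ch in entry):
            # The import format is one URL per line.
            problems.append((lineno, "more than one URL on the line"))
            continue
        if raw != entry:
            problems.append((lineno, "leading or trailing whitespace"))
        if entry in seen:
            problems.append((lineno, "duplicate entry: " + entry))
            continue
        seen.add(entry)
        entries.append(entry)
    return entries, problems


def lint_url_lists(whitelist_text, blacklist_text):
    """Check both lists and report entries that would bypass scanning.

    An entry present in both lists is reported in 'unscanned_overlap':
    the white list takes precedence, so files from that URL are not
    scanned even though the URL was meant to be blocked.
    """
    white, white_problems = parse_url_list(whitelist_text)
    black, black_problems = parse_url_list(blacklist_text)
    black_set = set(black)
    return {
        "whitelist": white,
        "blacklist": black,
        "whitelist_problems": white_problems,
        "blacklist_problems": black_problems,
        "whitelist_over_limit": max(0, len(white) - MAX_WHITELIST_ENTRIES),
        "unscanned_overlap": [u for u in white if u in black_set],
    }


# Constructed sample files (not taken from any real deployment).
SAMPLE_WHITELIST = (
    "intranet.example.com\n"
    "updates.example.com \n"
    "\n"
    "files.example.net/downloads\n"
    "intranet.example.com\n"
)
SAMPLE_BLACKLIST = (
    "ads.example.org\n"
    "files.example.net/downloads\n"
    "bad.example.org tracker.example.org\n"
)


if __name__ == "__main__":
    report = lint_url_lists(SAMPLE_WHITELIST, SAMPLE_BLACKLIST)
    for name in ("whitelist", "blacklist"):
        for lineno, message in report[name + "_problems"]:
            print("%s line %d: %s" % (name, lineno, message))
    if report["whitelist_over_limit"]:
        print("white list exceeds the limit by %d entries"
              % report["whitelist_over_limit"])
    for url in report["unscanned_overlap"]:
        print("in both lists, will NOT be scanned: " + url)
```

Review every entry reported in unscanned_overlap before importing, since the white list entry silently overrides the block.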
HTTPS Scan Settings
To configure the HTTPS scan settings, go to Web Security > HTTPS Scan > Settings.
Figure 4-12
To configure the HTTPS scan settings, click Web Security > HTTP and HTTPS > HTTPS Settings, and set the following options.
HTTP Tunneling
Check the box to allow and scan HTTPS connections through an HTTP proxy. Be sure to add the proxy port to the Ports to Scan for the HTTPS protocol on the Policy page.
required, the connection will be rejected with an alert message in the browser window. To allow access, select the Allow the STM to present the website to the client check box.
Show This Message When an SSL Connection Attempt Fails
When the STM150 denies access to an HTTPS web site, it will display an HTML warning message. The URL and reason will be included between the two % marks.
Due to the nature of HTTPS scanning and how the certificates are handled, the end user will see Security Alerts in their web browser as shown in the following figure. This is because the client (browser) will get a certificate from the STM150 instead of directly from the server.
However, certain HTTPS servers do require client certificate authentication for every HTTPS request. By the design of SSL, the client needs to present its own certificate rather than using the one from the STM150. The HTTPS scanning process will be affected because of this.
Certificate Management
To manage the security certificates that you use with the STM150, go to Web Security > HTTPS Scan > Certificate Management.
Before enabling HTTPS scanning, you may specify which certificate is to be used by the STM150 to handle HTTPS requests. By default, a certificate issued by NETGEAR is used. This certificate can be downloaded from the STM150 login screen for browser import. Click Import to import a certificate of your choice. A password is required for some certificates.
Trusted Hosts
To identify trusted hosts, go to Web Security > HTTP and HTTPS > Trusted Hosts.
Figure 4-15
Do Not Intercept HTTPS Connections for the Following Hosts:
The STM150 will bypass the scanning and certificate authentication of the sites listed. The certificate will be sent directly to the client for authentication, which means that the user will not get a security alert for sites listed.
2. Enter the host name (not the URL) of the server into the Add Host box, and then click Add. Click Apply.
To delete hosts from the Host Access Control List
1. Select the host you wish to delete from the bypass list.
2. Click Delete.
3. Click Apply.
In addition to manually entering host names and IP addresses one at a time, you may import and export the list. Note that the files to be imported should be in .
If you enabled FTP scan in Web Security > Policy > FTP, you can specify what type of action to take against detected malware as well as which file types to block on FTP.
Under Action you can specify what type of action to take against detected malware. You can select Delete file or Log only.
In Scan Exception, set the maximum file size that the STM150 will scan. The STM150 can scan files up to 25,600KB (25MB) in size.
Chapter 5 Monitoring System Performance
The STM150 provides online support services along with real-time alerts and comprehensive monitoring, reporting and logging capabilities to ensure that you are able to effectively respond to the latest threats found on the network. This chapter provides information on the available logs and reports and how to view them on the Web interface.
Viewing the System Status
To view system status information, click Monitoring > System Status.
Figure 5-1
The at-a-glance table on this page allows you to quickly view the status of important components of the STM150. Information available on this page includes:
• System Info - Shows component version, update information, hardware serial number and license expiration dates for each type of license.
Using Statistics and Web Usage Data

To view system statistics, click Monitoring > Statistics.

Figure 5-2

The at-a-glance table on the Statistics tab page lets you review the distribution of traffic going through this STM150.
To view Web usage statistics, click Monitoring > Statistics > Web Usage.

Figure 5-3

Select the time frame for the Web Usage report, then click View.

The at-a-glance table on this page allows you to quickly see which categories of Web sites are getting the most access from your network.
Monitoring Security

To view a summary of malware incidents on the network, click Monitoring > Security.

Figure 5-4

Spam and malware detected on the SMTP, IMAP, POP3, HTTP, HTTPS and FTP protocols are listed on this page, in addition to the actions taken on the malicious code. The status of the scanning services is also shown here.
Running Diagnostics

The STM150 provides diagnostic tools that help you analyze traffic conditions and the status of the network. Two sets of tools are available: network diagnostic tools and traffic diagnostic tools.
Use PING to check the connection between the STM150 and a specific IP address. Enter the IP address or host name, and then click PING. The PING results appear at the bottom of the page.

To perform DNS lookup, enter the domain name, and then click DNS Lookup. The page refreshes, and then the DNS lookup results (domain name and IP addresses) appear at the bottom of the page.
Generate Network Statistics Report

The Network Statistics Report gives the user a detailed overview of network utilization in the STM150 managed network environment. Users will be able to see what consumes the most resources on the network.

On the Monitoring > Diagnostics page, click Generate Network Statistics to send the report to the administrator.
Querying Logs

System logs have their own page on the Web interface. Use the following procedure to generate the other log types.
1. To query logs, go to Logs & Reports > Log Query.
2. In Log Type, select the log type that you want to generate.
3. Set the filtering criteria by specifying the date range, protocol, source or destination IP address, or scan action.
5. In Select logs to send, select the check boxes for the log types that you want the STM150 to send via email.
6. In Format, click either Plain Text or CSV. If you want the STM150 to compress the log file before sending, select the Zip the logs to save space check box.
7. In Size, select the Split log size to: box and enter a file size (in megabytes). The STM150 splits the logs into fragments of that size.
8. Click Apply.
This automated log purging takes the burden of managing the size of the STM150 logs off your shoulders and ensures that the latest malware incidents and traffic activities are always recorded.

To manually purge selected logs, go to Logs & Reports > Log Management and select the check boxes under Clear the following log information for the logs you wish to purge, then click the Clear Log Information button.
To delete a saved report, click the Delete button next to the previously saved report to delete it from the STM150.
If NETGEAR support cannot access your STM150 remotely, you may be asked to save a log file to your computer and then email it to NETGEAR for analysis. If asked to do so, log into the STM150 Web interface, go to Monitoring > Diagnostics > Gather Important Log Information and click Download Now. Save the file to a local hard drive and send it by email to NETGEAR support for analysis.
5. Browse to the location where you saved the hot fix file, and then select it.
6. Click Open.
7. Click Apply to install the hot fix.

Sending Suspicious Files to NETGEAR for Analysis

You can report any undetected malware file or malicious email to NETGEAR for online analysis. The file will be compressed and password protected before sending. On the menu, go to Support > Malware Analysis.
Appendix A
Default Settings and Technical Specifications

You can use the reset button located on the rear panel to reset all settings to their factory defaults.
• To perform a hard reset, press and hold the reset button for approximately 10 seconds (until the TEST LED blinks rapidly). Your device will return to the factory configuration settings shown in Table A-2 below.
Table A-1. STM150 Default Configuration Settings (continued)

Feature              Default
LAN Connections
  MAC Address        Default address
  MTU Size           1500
  Ports              5 AutoSense 10/100/1000BASE-T, RJ-45
  LAN IP Address     In line transparent bridged
  Subnet Mask        255.255.255.0

The STM150 specifications are listed in the table below.

Table A-2.
Appendix B
Related Documents

This appendix provides links to reference documents you can use to gain a more complete understanding of the technologies used in your NETGEAR product.

Document: Link
Internet Networking and TCP/IP Addressing: http://documentation.netgear.com/reference/enu/tcpip/index.htm
Wireless Communications: http://documentation.netgear.com/reference/enu/wireless/index.