NETGEAR STM150EW3-100NAS User Manual

ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

NETGEAR, Inc.
350 East Plumeria Drive San Jose, CA 95134 USA
March 2009 202-10414-02 v1.1
Trademarks
NETGEAR and the NETGEAR logo are registered trademarks and ProSecure is a trademark of NETGEAR, Inc. Microsoft, Windows, and Windows NT ar e registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful inte rferenc e to radio communications. Operation of this equipment in a residential area is likely to cause harmful interfere nc e in which case the user will be required to correct the interference at his own expense.
Changes or modifications not expressly approved by the Netgear could void the user's authority to operate the equipment.
EU Regulatory Compliance Statement
The ProSecure Web/Email Security Threat Management Appliance STM150 is compliant with the following EU Council Directives: 89/336/EEC and LVD 73/23/EEC. Compliance is verified by testing to the following standards: EN55022 Class B, EN55024 and EN60950-1.
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das ProSecure W eb/Email Security Threat Management Appliance STM150 g emäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the ProSecure Web/Email Security Threat Management Appliance STM150 has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The o peration of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
ii
v1.1, March 2009
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver , it may become the cause of radio interference. Read instructions for correct handling.
Additional Copyrights
AES Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
All rights reserved. TERMS Redistribution and use in source and binary forms, with or without modification, are permitted subject to the following conditions:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. The copyright holder's name must not be used to endorse or promote any products derived from this software without his specific prior written permission.
This software is provided 'as is' with no express or implied warranties of correctness or fitness for purpose.
v1.1, March 2009
iii
Open SSL Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions * are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)”
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message­Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software.
iv
v1.1, March 2009
PPP Copyright (c) 1989 Carnegie Mellon University. All rights reserved.
Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University. The name of the University may not be used to endor se or promote products derive d from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Zlib zlib.h -- interface of the 'zlib' general purpose compression library version 1.1.4, March 11th,
2002. Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler.
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly: jloup@gzip.org; Mark Adler: madler@alu mni.caltech.edu The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt and rfc1952.txt (gzip format)
(zlib format), rfc1951.txt (deflate format)
Product and Publication Details
Model Number: STM150 Publication Date: March 2009 Product Family: Threat Management Appliance Product Name: ProSecure Web/Email Security Threat Management Appliance STM150 Home or Business Product: Business Language: English Publication Part Number: 202-10414-02 Publication Version Number 1.1
v1.1, March 2009
v
vi
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

Contents

About This Manual
Conventions, Formats, and Scope ................................................................................... xi
Revision History ..................... ... ... .... .......................................... ... ....................................xii
Chapter 1 Introduction
What is the ProSecure Web/Email Security Threat Management Appliance STM150? .1-1
About Stream Scanning ...........................................................................................1-2
Key Features and Capabilities ........................................................................................1-2
What Can You Do with an STM150? .................................. ............................................ 1-3
Service Registration Card with License Key(s) .................. ... ....... ... ... .... ... ... ... ... .... ... ... ..1-4
Front Panel Features ......................................................................................................1-4
Rear Panel Features ......................................................................................................1-5
Default IP Address, Login Name, and Password Location ........................... .................. 1-6
Choosing a Location for the STM150 ........................................ .....................................1-6
Using the Rack Mounting Kit ........... ... .... ... ...... ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ... .....1-7
Chapter 2 Provisioning Threat Management Services
Choosing a Deployment Scenario ... ... ... ... .... ... ... ... ... .... ... ... ... ....... ... ... .... ... ... ... ... .... ... ... ..2-1
Gateway Deployment ...............................................................................................2-2
Server Group ......................................... .......................................... ... .....................2-3
Segmented LAN Deployment. ..................................................................................2-4
Use the Installation Guide to Perform Initial Configuration ............................................. 2-4
Logging In to the STM150 ..............................................................................................2-5
Registering the STM150 .................................................................................................2-7
Use the Setup Wizard to Complete the Configuration ..................... ............................... 2-8
Setup Wizard Options ..............................................................................................2-8
Verifying the STM150 Installation .............................................. ... ... ... .... ... ... ... ... .... ... .....2-9
Testing Connectivity ...............................................................................................2-10
v1.1, March 2009
vii
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
Testing HTTP Scanning .........................................................................................2-10
What to Do Next ...........................................................................................................2-10
Chapter 3 Performing System Management Tasks
Modifying System Settings .............................................................................................3-1
Configuring Network Settings ...................................................................................3-1
Enabling Session Limits and Timeouts ....................................................................3-3
Scanning Exclusions ............. .... ... .......................................... ..................................3-4
Setting the System Time ........... ... ... .......................................... ...............................3-5
Specifying the Notification Server ............. .......................................... .....................3-6
Configuring SNMP Settings .....................................................................................3-9
Supported MIB Browsers .......................................................................................3-10
Backing Up and Restoring Configurations ....................................................................3-11
Backing Up the STM150 Configuration ..................................................................3-11
To Back Up the STM150 Settings ..........................................................................3-12
Restoring A Configuration ......................................................................................3-12
To restore the STM150 settings ............................................................................. 3-12
Resetting to Factory Defaults ............... .......................................................................3-13
Restarting the STM150 .................................................................................................3-13
Enabling Remote Management ....................................................................................3-14
Administering Software Updates ..................................................................................3-15
Configuring Scheduled Updates ............................................................................3-15
To configure scheduled updates ............................................................................3-16
Performing a Manual Update ....................... ... ... .... .......................................... ... ...3-16
Applying a Software Update that Requires a Reboot ............................. ... ... .... ... ...3-17
Administering Admin Login Timeouts and Passwords ..................................................3-18
Chapter 4 Customizing Scans
Default Scan Settings .....................................................................................................4-1
Customizing Email Scanning Settings ............................................................................4-2
End User Email Notification Settings .......................................................................4-3
Email Content Filtering ....... ... .... ... ... ... .... ...... ... ... .... ... ... ... .... ... ... ... .... ... ... ... ... .... ...... ..4-5
Protecting Against Email Spam ................................................................................4-7
Configuring Distributed Spam Analysis ..................................................................4-10
Customizing Web Scanning Settings ...........................................................................4-12
viii
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
Configuring Web Malware Scans ...........................................................................4-13
Configuring Web Content Filtering .........................................................................4-14
Configuring Web URL Filtering ..............................................................................4-17
HTTPS Scan Settings ............................................................................................4-19
The STM150 CA Certificate ...................................................................................4-20
Certificate Management .........................................................................................4-22
Trusted Hosts .. ... ... ... .... .......................................... ... .......................................... ...4-24
Configuring FTP Scan ..................................................................................................4-25
Chapter 5 Monitoring System Performance
Viewing the System Status .............................................................................................5-2
Using Statistics and Web Usage Data ............................................................................5-3
Monitoring Security ............................. ... ... .... ... .......................................... ... ..................5-5
Running Diagnostics .......................................................................................................5-6
Using the Network Diagnostic Tools .........................................................................5-6
Using the Realtime Traffic Diagnostic Tools .............................................................5-7
Gathering Important Log Information .......................................................................5-7
To collect information about your STM150 ...............................................................5-7
Generate Network Statistics Report ............................. ... .... .....................................5-8
Using Reports to Optimize Protection and Performance ................................................5-8
Working with Logs ....................................................................................................5-8
Working with Reports .............................................................................................5-11
Using Online Support ...................................................................................................5-12
Enabling Remote Troubleshooting .........................................................................5-12
Working with Hot Fixes ..........................................................................................5-13
Sending Suspicious Files to NETGEAR for Analysis .............................................5-14
Appendix A Default Settings and Technical Specifications
Appendix B Related Documents
Index
ix
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
x
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

About This Manual

The NETGEAR® ProSecure™ Web/Email Security Threat Management Appliance STM150 Reference Manual describes how to configure and troubleshoot a ProSecure Web/Email Security
Threat Management Appliance STM150. The information in this manual is intended for readers with intermediate computer and networking skills.

Conventions, Formats, and Scope

The conventions, formats, and scope of this manual are described in the following paragraphs:
Typographical Conventions. This manual uses the following typographical conventions:
Italic Emphasis, books, CDs, file and server names, extensions
Bold User input, IP addresses, GUI screen text
Fixed Command prompt, CLI text, code
italic URL links
Formats. This manual uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Tip: This format is used to highlight a procedure that will save time or resources.
Warning: Ignoring this type of note may result in a malfunction or damage to the
equipment.
v1.1, March 2009
xi
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
Danger: This is a safety warning. Failure to take heed of this notice may result in
personal injury or death.
Scope. This manual is written for the threat management appliance according to these
specifications:
Product ProSecure Web/Email Security Threat Management Appliance
STM150
Manual Publication Date March 2009
For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, “Related Documents.”.
Note: Product updates are available on the NETGEAR, Inc. website at
http://kbserver.netgear.com/products/STM150.asp.

Revision History

Manual Part Number
202-10414-01 1.0 January 2009 First publication 202-10414-02 1.1 March 2009 Update to change product name, “heuristic scan” terminology
Manual Version Number
Publication Date
Description
changed to “distributed spam analysis”, URL whitelists changed to now be case sensitive, correction of regulatory information, and various edits to improve clarity.
xii
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
Chapter 1
Introduction
This chapter provides an overview of the features and capabilities of the ProSecure Web/Email Security Threat Management Appliance STM150. It also identifies the physical features of the appliance and the contents of its package.
Topics discussed in this chapter include:
“What is the ProSecure Web/Email Security Threat Management Appliance STM150?” on
page 1-1
“Key Features and Capabilities” on page 1-2
“What Can You Do with an STM150?” on page 1-3
“Service Registration Card with License Key(s)” on page 1-4
“Rear Panel Features” on page 1-5
“Default IP Address, Login Name, and Password Location” on page 1-6
“Choosing a Location for the STM150” on page 1-6

What is the ProSecure Web/Email Security Threat Management Appliance STM150?

The STM150 is an appliance-based, Web security solution that protects the network perimeter against Web-borne threats, from spyware, viruses, email, and blended threats. Ideally deployed at the gateway, it serves as the network’s first line of defense against all types of threats and complements firewalls, IDS/IPS, dedicated intranet security products, and endpoint antivirus/anti­spyware software.
Powered by patent-pending stream scanning technology and backed by one of the most comprehensive malware databases in the industry, STM150 can detect and stop all known sp yware and viruses at the gateway, preventing them from reaching your desktops and servers where cleanup would be much more difficult.
In addition to scanning HTTP, HTTPS, FTP , SMTP, POP3, and IMAP traffic, the ST M150 protects networks against spam phishing attacks, and unwanted Web use.
Introduction 1-1
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

About Stream Scanning

Stream scanning is based on the simple observation that network traffic travels in streams. The STM150 scan engine starts receiving and analyzing traffic as the stream enters the network. As soon as a number of bytes are available, scanning commences. The scan engine continues to scan more bytes as they become available, while at the same time another thread starts outputting the bytes that have been scanned.
This multi threaded approach, in which the receiving, scanning, and outputting processes occur concurrently, ensures that network performance remains unimpeded. The result is that the time to scan a file is up to five times faster than traditional antivirus solutions – a performance advantage that is easily noticeable to the end user.
Stream scanning also enables organizations to withstand massive spikes in traffic, as in the event of a malware outbreak.

Key Features and Capabilities

The STM150 is a true appliance that provides comprehensive protection against malware and uses real-time scanning technology to stop spyware, viruses, and other types of malware at the gateway, without stopping the Internet. This section highlights the STM150’ s primary features as a W eb and Email security solution:
Real-time Protection – The patent-pending stream scanning technology enables scanning of previously undefended real-time protocols, such as HTTP. Network activities susceptible to latency (for example, Web browsing) are no longer brought to a standstill.
Comprehensive Protection – Provides both Web and email security, covering six major network protocols: HTTP, HTTPS, FTP, SMTP, POP3, and IMAP. The STM uses enterprise­class scan engines employing both signature-based and heuristic detection to stop both known and unknown threats. Malware database contains millions of signatures of spyware, viruses, and other malware.
Automatic Signature Updates – Malware signatures are automatically updated on an hourly basis. Critical new signatures are typically deployed hours before they are available from other security vendors.
True Appliance – Deploys in-line in a matter of minutes, anywhere in the network. Runs automatically and unobtrusively . Simply set and for get.
1-2 Introduction
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

What Can You Do with an STM150?

The STM150 combines robust protection against malware with ease-of-use and advanced reporting and notification features to help you deploy and manage the device with minimal effort.
Here are some of the things that you can do with the STM150:
Scan Network Traffic for Malware – Using the patent-pending stream scanning technology, you can configure the STM150 to scan HTTP, SMTP, POP3, HTTPS, IMAP, and FTP protocols. Unlike traditional batch-based scan engines that need to cache the entire file before they can scan, this scan engine checks traffic as it enters the network, ensuring unimpeded network performance.
Protect the Network Instantly – the STM150 is a plug-and-pl ay security solution that can be instantly added to networks without requiring network reconfiguration.
Receive Real-time Alerts and Generate Comprehensive Reports – You can configure the STM150 to send out alerts whenever a malware or an outbreak is detected on the network. Real-time alerts can be sent out via email, allowing you to monitor malware events wherever you are.
By configuring the STM150 to send out malware alerts, you can isolate and clean the infected computer before the malware incident can develop into a full blown outbreak. The STM150 also provides comprehensive reports that you can use to analyze network and malware trends.
SNMP Support – You can enable and configure the STM150’s SNMP settings to receive SNMP traps through a supported MIB browser.
Automated Component Updates – Downloading components regularly is the key to ensuring updated protection against new threats. The STM150 makes this administrative task easier by supporting automatic malware pattern, program and engine updates.
Introduction 1-3
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
1 2
3
4
5

Service Registration Card with License Key(s)

Be sure to store the license key card that came with your unit in a secure location. You will need these keys to activate your product during the initial setup, and if you ever have to reset the unit back to its factory defaults.
Figure 1-1

Front Panel Features

The ProSecure Web/Email Security Threat Management Appliance STM150 front panel shown below includes two groups of RJ-45 connectors and status indicator light-emitting diodes (LEDs), including Power and Test lights:
Figure 1-2
1. Power status
1-4 Introduction
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
1
2
5
4
3
2. Power on test status
3. USB ports
4. Uplink switched N-way automatic speed negotiating auto MDI/MDIX Ethernet port
5. Downlink Ethernet ports
Four switched N-way automatic speed negotiating auto MDI/MDIX Ethernet ports.

Rear Panel Features

The STM150 rear panel functions are described below:
Figure 1-3
1. Console port: To connect to a COM port on a Microsoft Windows or Linux computer; may be used to perform the initial configuration.
2. Kensington Lock: Attach a kensington lock to prevent unauthorized removal of the unit.
3. Restart: Press to restart the unit; it does not reset the appliance to its factory defaults.
4. Reset: Use a sharp object, press and hold this button for about ten seconds until the front panel Test light flashes to reset the unit to factory default settings.
Note: If you reset the unit, all configuration settings will be lost, the default password
will be restored, and you will need to re-register the product license.
5. Power socket.
Introduction 1-5
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
IP Address
User Name
Password

Default IP Address, Login Name, and Password Location

Check the label on the bottom of the STM150’s enclosure if you need a reminder of the following factory default information:
Figure 1-4

Choosing a Location for the STM150

The STM150 is suitable for use in an office environment where it can be free-standing or mounted in a standard 19-inch equipment rack. Alternatively, you can rack-mount the STM150 in a wiring closet or equipment room. A mounting kit, containing two mounting brackets and four screws, is provided in the STM150 package.
When deciding where to position the STM150, ensure that:
It is accessible and cables can be connected easily.
Cabling is away from sources of electrical noise. These include lift shafts, microwave ovens, and air conditioning units.
Water or moisture cannot enter the case of the unit.
Airflow around the unit and through the vents in the side of the case is not restricted. Provide a minimum of 25 mm or 1 inch clearance.
The air is as free of dust as possible.
Temperature operating limits are not likely to be exceeded. Install the unit in a clean, air­conditioned environment. For information on the recommended operating temperatures for the STM150, refer to Appendix A, “Default Settings and Technical Specifications.
1-6 Introduction
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

Using the Rack Mounting Kit

Use the provided mounting kit for the STM150 to install the appliance to a rack. The mounting brackets supplied with the STM150 are usually installed before the unit is shipped out. If the brackets are not yet installed, attach them using the supplied hardware.
Before mounting the STM150 in a rack, verify that:
You have the correct screws (supplied with the installation kit)
The rack onto which you will mount the STM150 is suitably located.
Introduction 1-7
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
1-8 Introduction
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
Chapter 2
Provisioning Threat Management Services
Provisioning the STM150 ProSecure Web/Email Security Threat Management Appliance STM150 in your network is described in this chapter.
This chapter contains the following sections:
“Choosing a Deployment Scenario” on page 2-1
“Use the Installation Guide to Perform Initial Configuration” on page 2-4
“Registering the STM150” on page 2-7
“Use the Setup Wizard to Complete the Configuration” on page 2-8
“Verifying the STM150 Installation” on page 2-9
“What to Do Next” on page 2-10

Choosing a Deployment Scenario

The STM150 is an inline transparent bridge appliance that can easily be deployed to any point on the network without requiring network reconfiguration or additional hardware.
The following are the most common deployment scenarios for the STM150. Depending on your network environment and the areas that you want to protect, you can choose one or a combination of these deployment scenarios.
“Gateway Deployment” on page 2-2
“Server Group” on page 2-3
“Segmented LAN Deployment.” on page 2-4
Provisioning Threat Management Services 2-1
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

Gateway Deployment

Figure 2-1
In a typical gateway deployment scenario, a single STM150 appliance is installed at the gateway – between the firewall and the LAN core switch – to protect the network against all malware threats entering and leaving the gateway. Installing the STM150 behind the firewall protects it from DoS attacks.
2-2 Provisioning Threat Management Services
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

Server Group

Figure 2-2
In a server group deployment, one STM150 appliance is installed at the gateway and another in front of the server group. This type of deployment helps split the network load and provides the mail server with dedicated protection against malware, including email-borne viruses and spam.
Note: This configuration helps protect the mail server from internal as well as external
clients.
Provisioning Threat Management Services 2-3
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

Segmented LAN Deployment.

Figure 2-3
In a segmented LAN deployment, one STM150 appliance is installed in front of each network segment. This type of deployment helps split the network load and protects network segments from malware coming in through the gateway or originating from other segments.
Note: In segmented LAN deploymen t, VLAN is not supported; VLAN traffic cannot p ass
through the STM150.

Use the Installation Guide to Perform Initial Configuration

Use the installation guide to perform the initial configuration of the STM150’s basic system settings (for example, IP address, netmask, and DNS) so that it can function on the network. To perform the initial configuration, follow the instructions in the NETGEAR Installation Guide, STM150. The installation guide will walk you through connecting the unit, and using the setup wizard to complete the initial configuration. After using the setup wizard to complete the initial configuration, you can log in to make additional changes or to monitor the system using the steps below.
2-4 Provisioning Threat Management Services
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
https://192.168.1.201

Logging In to the STM150

Follow these steps to log in to the STM150.
1.
Use a browser to connect to https://192.168.1.201.
Figure 2-4
Note: The STM150 factory default IP address is 192.168.1.201. If you changed it, you
must use the IP address you assigned it.
2. When prompted, enter admin for the User Name and password for the Password.
Figure 2-5
Provisioning Threat Management Services 2-5
Note: When the STM scans secure HTTPS traffic, import its root CA certificate into
your browser. Click the link at the bottom of the login screen to download it.
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
3. Click Login. The default Monitoring > Security page displays.
Figure 2-6
Note: During the initial setup, the setup wizard displays when your first log in;
afterward the login takes you to the system status page.
The Support tab on the main menu contains links to the online NETGEAR STM150 product documentation and support knowledgebase.
Note: After 10 minutes of inactivity (the default login time-out), you are
automatically logged out
2-6 Provisioning Threat Management Services
.
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

Registering the STM150

T o receive threat management component updates and technical support, you need to register your STM150 appliance.
Figure 2-7
The registration key (see “Service Registration Card with License Key(s)” on page 1-4) is provided in the product package.
If your STM150 is connected to the Internet, you can register it online.
1. Select Support > Registration. The registration page displays
2. Enter the registration key and contact information.
3. Click Register.
4. Repeat steps 2 and 3 for each key.
Provisioning Threat Management Services 2-7
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual

Use the Setup Wizard to Complete the Configuration

Follow the wizard prompts to configure these settings:
Network settings - If these were set earlier, skip this page or update these as needed.
Set the system time (NTP server) and time zone.
Configure Email Security settings.
Configure Web Security.
Specify the Email notification server to receive logs, alerts, and reports.
Configure update settings.
Configure Web category blocking.
Follow the guidelines below for completing the Setup Wizard.

Setup Wizard Options

For most settings, the default scan options will be the appropriate choices. Also, update the basic network settings only if you did not follow the instructions in the Installation Guide.
Email Security
On this wizard page, enable the network services you want to scan and specify the ports for each, select the scan actions, set the scan exceptions, and configure the maximum file size to scan.
Note: Setting the maximum file size to a high value may affect the STM150's
performance. The default value is recommended, which is sufficient to detect the vast majority of threats.
Tip: To enhance performance, you may disable scanning of any protocols that will be
seldom or never used. Be mindful of the difference between user and server generated traffic. For example, your mail server may not use IMAP but some users may configure IMAP clients.
Web Security
On this wizard page, enable the network services you want to scan and specify the ports for each, select the scan actions, set the scan exceptions, and configure the maximum file size to scan. Check the Streaming checkbox for an even more transparent user Web browsing experience.
2-8 Provisioning Threat Management Services
v1.1, March 2009
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
Email Notification Server
On this wizard page, type the email address that you want to appear in the notification email as sender. For example, you can type '
STM150@mydomain.com'. Enter the SMTP server host name or
IP address. The STM150 will send notification emails via this SMTP server. If the SMTP server requires authentication, select the This server requires authentication check box, and then enter the user name and password.
Note: A different SMTP port number can be configured under the email notification
server settings.
Update Settings
The STM150 has four main components, which include a pattern file, the scan engine, operating system (OS), and software. To ensure up-to-date protection against malware, perform updates regularly. The default update frequency is set to hourly, since updates to the pattern file are released on an hourly basis.
If the computers on the network connect to the Internet through an HTTPS proxy server, enter the IP address and port number of the proxy server. If a firewall is installed on the local network, make sure that Internet access is allowed via port 443. If the proxy server requires authentication, enter a user name and password.
Web Categories
The STM150 lets you choose from a list of Web content categories you can block from being accessed from your network. Check those you wish to block.
Apply the Changes
To confirm and apply the STM150 settings that you have configured, click Apply. The STM150 will reboot to apply the updated settings.

Verifying the STM150 Installation

T est the STM150 befo re deploying it in a live production environment. The following instructions walk you through a couple of quick tests designed to ensure that your STM150 is functioning correctly.
Provisioning Threat Management Services 2-9
v1.1, March 2009
Loading...
+ 66 hidden pages