NETGEAR STM300EW-100NAS User Manual
ProSecure Web/Email
Security Threat
Management Appliance
STM150/300/600
Reference Manual
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134
202-10519-01
1.0
September 2009
© 2009 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR and the NETGEAR logo are registered trademarks and ProSecure is a trademark of NETGEAR, Inc.
Microsoft, Windows, and Windows NT ar e registered trademarks of Microsoft Corporation. Other brand and product
names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency
Notice
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instruction manual, may cause harmful inte rferenc e to radio
communications. Operation of this equipment in a residential area is likely to cause harmful interfere nc e in which case
the user will be required to correct the interference at his own expense.
Changes or modifications not expressly approved by NETGEAR could void the user’s authority to operate the
equipment.
EU Regulatory Compliance Statement
The ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or STM600 is compliant with
the following EU Council Directives: EMC Directive 2004/108/EC and Low Voltage Directive 2006/95/EC.
Compliance is verified by testing to the following standards: EN55022, EN55024, and EN60950-1.
For the EU Declaration of Conformity please visit:
http://kb.netgear.com/app/answers/detail/a_id/11621/sno/0.
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or
STM600 gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das
vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen
Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or
STM600 has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/
1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may,
however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
ii
v1.0, September 2009
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver , it may become the cause of radio interference.
Read instructions for correct handling.
Additional Copyrights
AES Copyright (c) 2001, Dr. Brian Gladman, brg@gladman.uk.net, Worcester, UK.
All rights reserved.
TERMS
Redistribution and use in source and binary forms, with or without modification, are permitted
subject to the following conditions:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions, and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions, and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. The copyright holder’s name must not be used to endorse or promote any products
derived from this software without his specific prior written permission.
This software is provided “as is” with no express or implied warranties of correctness or fitness
for purpose.
v1.0, September 2009
iii
Open SSL Copyright (c) 1998–2000 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions, and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions, and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the
following acknowledgment: “This product includes software developed by the OpenSSL
Project for use in the OpenSSL Toolkit (
4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or
promote products derived from this software without prior written permission. For written
permission, contact openssl-core@openssl.org.
5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL”
appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: “This
product includes software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS,” AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCI DENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This
product includes software written by Tim Hudson (tjh@cryptsoft.com).
MD5 Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
License to copy and use this software is granted provided that it is identified as the “RSA Data
Security, Inc. MD5 Message-Digest Algorithm” in all material mentioning or referencing this
software or this function. License is also granted to make and use derivative works provided
that such works are identified as “derived from the RSA Data Security, Inc. MD5 MessageDigest Algorithm” in all material mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning ei ther the merchantability of
this software or the suitability of this software for any particular purpose. It is provided “as is”
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this documentation and/or
software.
http://www.openssl.org/).”
http://www.openssl.org/).”
iv
v1.0, September 2009
PPP Copyright (c) 1989 Carnegie Mellon University. All rights reserved.
Redistribution and use in source and binary forms are permitted provided that the above
copyright notice and this paragraph are duplicated in all such forms and that any
documentation, advertising materials, and other materials related to such distribution and use
acknowledge that the software was developed by Carnegie Mellon University. The name of
the University may not be used to endor se or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Zlib zlib.h. Interface of the zlib general purpose compression library version 1.1.4, March 11th,
2002. Copyright (C) 1995–2002 Jean-loup Gailly and Mark Adler.
This software is provided “as is,” without any express or implied warranty. In no event will the
authors be held liable for any damages arising from the use of this software. Permission is
granted to anyone to use this software for any purpose, including commercial applications,
and to alter it and redistribute it freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim that you wrote
the original software. If you use this software in a product, an acknowledgment in the
product documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be misrepresented
as being the original software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly: jloup@gzip.org; Mark Adler: madler@alu mni.caltech.edu.
The data format used by the zlib library is described by RFCs (Request for Comments) 1950
to 1952 in the files
format), and rfc1952.txt (gzip format).
ftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate
Product and Publication Details
Model Number: STM
Publication Date: September 2009
Product Family: STM
Product Name: ProSecure Web/Email Security Threat Management Appliance STM150,
STM300, or STM600
Home or Business Product: Business
Language: English
Publication Part Number: 202-10519-01
Publication Version Number 1.0
v1.0, September 2009
v
vi
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
Contents
About This Manual
Conventions, Formats, and Scope ..................................................................................xiii
How to Print This Manual ................................................................................................xiv
Revision History ..................... ... .......................................... ... ..........................................xiv
Chapter 1
Introduction
What Is the ProSecure Web/Email Security Threat Management Appliance STM150, STM300,
or STM600? ....................................................................................................................1-1
What Can You Do with an STM? ..................................... ............................................... 1-2
Key Features and Capabilities ........................................................................................1-3
Stream Scanning for Content Filtering ............................ .... ... ... ... .... ... ...... ... .... ... ... ..1-4
Autosensing Ethernet Connections with Auto Uplink ...............................................1-4
Easy Installation and Management ..........................................................................1-5
Maintenance and Support ...................... ... ... ... ... .... ... ... ... .... ...... ... .... ... ... ... ... .... ... ... ..1-5
STM Model Comparison ........................... ... .......................................... ... ...............1-5
Service Registration Card with License Keys ............................ ... ... ... .... ... ... ... ... .... ... ... ..1-6
Package Contents ..........................................................................................................1-7
Hardware Features .........................................................................................................1-7
Front Panel Ports and LEDs ....................................................................................1-8
Rear Panel Features ....................................................................................................1-14
Bottom Panel With Product Label ..........................................................................1-15
Choosing a Location for the STM ................................................................................. 1-17
Using the Rack-Mounting Kit ..................................................................................1-18
Chapter 2
Using the Setup Wizard to Provision the STM in Your Network
Choosing a Deployment Scenario ... ... ... ... .... ... ... ... ... .... ... ... ... ....... ... ... .... ... ... ... ... .... ... ... ..2-1
Gateway Deployment ...............................................................................................2-1
Server Group ...................................... .......................................... .... ........................2-2
Segmented LAN Deployment ...................................................................................2-3
v1.0, September 2009
vii
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
Understanding the Steps for Initial Connection ..............................................................2-4
Qualified Web Browsers ...........................................................................................2-5
Logging In to the STM ....................................................................................................2-5
Understanding the Web Management Interface Menu Layout ............ ... ... ... ............2-8
Using the Setup Wizard to Perform the Initial Configuration ........................................2-10
Setup Wizard Step 1 of 10: Introduction ................................................................2-10
Setup Wizard Step 2 of 11: Networking Settings ....................... ............. ............. ...2-11
Setup Wizard Step 3 of 11: Time Zone ...................................................................2-12
Setup Wizard Step 4 of 11: Email Security .............................................................2-14
Setup Wizard Step 5 of 11: Web Security ..............................................................2-17
Setup Wizard Step 6 of 11: Email Notification Server Settings ..............................2-19
Setup Wizard Step 7 of 11: Update Settings ....................... ................................... 2-21
Setup Wizard Step 8 of 11: HTTP Proxy Settings ........... ....................................... 2-23
Setup Wizard Step 9 of 11: Web Categories ..........................................................2-24
Setup Wizard Step 10 of 11: Configuration Summary ............................................2-26
Setup Wizard Step 11 of 11: Restarting the System ..............................................2-27
Verifying Proper Installation ..........................................................................................2-27
Testing Connectivity ...............................................................................................2-27
Testing HTTP Scanning .........................................................................................2-27
Registering the STM with NETGEAR ...........................................................................2-28
What to Do Next ...........................................................................................................2-30
Chapter 3
Performing Network and System Management
Configuring Network Settings .........................................................................................3-1
Configuring Session Limits and Timeouts ......................................................................3-5
Configuring the HTTP Proxy Settings .............................................................................3-7
About Users with Administrative and Guest Privileges ...................................................3-9
Changing Administrative Passwords and Timeouts .................................................3-9
Configuring Remote Management Access ...................................................................3-11
Using an SNMP Manager .............................................................................................3-13
Supported MIB Browsers .......................................................................................3-15
Managing the Configuration File ...................................................................................3-16
Backup Settings ................. ... .... ... .......................................... ................................3-16
Restore Settings .....................................................................................................3-17
Reverting to Factory Default Settings ....................................................................3-18
viii
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
Updating the Software . ... .... ..........................................................................................3-19
Scheduling Updates ...............................................................................................3-19
Performing a Manual Update .............................................................. ... ................3-21
Critical Updates That Require a Restart ................................................................3-22
Configuring Date and Time Service ..............................................................................3-23
Managing Digital Certificates ........................... ... ... ... .... .......................................... ... ...3-25
Managing the Certificate for HTTPS Scans ................. ... .... ... ... ... .... ... ... ... ... .... ......3-26
Managing Untrusted Certificates .. ...... .... ... ... ... ... .... ... ... ... .... ... ...... .... ... ... ... ... .... ... ...3-29
Managing the Quarantine Settings ...............................................................................3-30
Performance Management .............................. ... ... ... .... ... .......................................... ...3-31
Chapter 4
Content Filtering and Optimizing Scans
About Content Filtering and Scans .................................................................................4-1
Default E-mail and Web Scan Settings ....................................................................4-2
Configuring E-mail Protection .........................................................................................4-4
Customizing E-mail Protocol Scan Settings .............................................................4-4
Customizing E-mail Anti-Virus Settings ....................................................................4-5
E-mail Content Filtering ..........................................................................................4-11
Protecting Against E-mail Spam .............................................................................4-14
Configuring Web and Services Protection ....................................................................4-22
Customizing Web Protocol Scan Settings ..............................................................4-22
Configuring Web Malware Scans ...........................................................................4-24
Configuring Web Content Filtering .........................................................................4-26
Configuring Web URL Filtering ..............................................................................4-32
HTTPS Scan Settings ............................................................................................4-36
Specifying Trusted Hosts ............. .......................................... ................................4-39
Configuring FTP Scans ..........................................................................................4-41
Configuring Application Control ....................................................................................4-44
Setting Scanning Exclusions and Web Access Exceptions ..........................................4-46
Setting Scanning Exclusions . .... ... ... ... .... ... .......................................... ...................4-47
Setting Web Access Exception Rules ....................................................................4-48
Chapter 5
Managing Users, Groups, and Authentication
About Users, Groups, and Domains ...............................................................................5-1
Configuring Groups ........................................................................................................5-2
v1.0, September 2009
ix
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
Creating and Deleting Groups by Name ..................................................................5-3
Editing Groups by Name .............. ... ... .... ... ... ... .......................................... ... ............5-4
Creating and Deleting Groups by IP Address and Subnet .. ... ... ...............................5-5
Configuring User Accounts .............................................................................................5-6
Creating and Deleting User Accounts ......................................................................5-6
Editing User Accounts ..............................................................................................5-8
Configuring Authentication .............................................................................................5-9
Understanding Active Directories and LDAP Configurations .................................5-12
Creating and Deleting LDAP and Active Directory Domains ............................... ...5-16
Editing LDAP and Active Directory Domains .................. .... ... ... ... .... ......................5-19
Creating and Deleting RADIUS Domains ...............................................................5-19
Editing RADIUS Domains and Configuring VLANs ................ ................................ 5-22
Global User Settings ................. ... .... ... ... ... .... ... .......................................... ... ................5-24
Viewing and Logging Out Active Users ........................................................................5-25
Chapter 6
Monitoring System Access and Performance
Configuring Logging, Alerts, and Event Notifications .....................................................6-1
Configuring the E-mail Notification Server ...............................................................6-2
Configuring and Activating System, E-mail, and Syslog Logs .................................6-3
Configuring Alerts .....................................................................................................6-8
Monitoring Real-Time Traffic, Security, Statistics, and Web Usage ..............................6-11
Understanding the Information on the Dashboard Screen .....................................6-11
Monitoring Web Usage .............................. .......................................... ... ................6-18
Viewing System Status .................................................................................................6-19
Querying Logs and Generating Reports .......................................................................6-22
Querying the Logs ..................................................................................................6-22
Scheduling and Generating Reports ......................................................................6-28
Viewing and Managing the Quarantine Files ................................................................6-33
Using Diagnostics Utilities ............................................................................................6-40
Using the Network Diagnostic Tools .......................................................................6-41
Using the Realtime Traffic Diagnostics Tool ........................................... ................ 6-42
Gathering Important Log Information and Generating a Network Statistics Report 6-43
Restarting and Shutting Down the STM . ... ... ... ....... ... ... ... .... ... ... ... .... ... ... ... ... .... ... ...6-44
x
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
Chapter 7
Troubleshooting and Using Online Support
Basic Functioning ...........................................................................................................7-2
Power LED Not On ...................................................................................................7-2
Test LED or Status LED Never Turns Off .................................................................7-2
LAN or WAN Port LEDs Not On ...............................................................................7-3
Troubleshooting the Web Management Interface ...........................................................7-3
When You Enter a URL or IP Address a Time-out Error Occurs ....................................7-4
Troubleshooting a TCP/IP Network Using a Ping Utility .................................................7-5
Testing the LAN Path to Your STM ..........................................................................7-5
Testing the Path from Your PC to a Remote Device ................................................7-6
Restoring the Default Configuration and Password ............... .... ... ... ... .... ... ... ... ... .... ...... ..7-6
Problems with Date and Time .........................................................................................7-7
Using Online Support .....................................................................................................7-8
Enabling Remote Troubleshooting ...........................................................................7-8
Installing Hot Fixes ...................................................................................................7-9
Sending Suspicious Files to NETGEAR for Analysis .............................................7-10
Accessing the Knowledge Base and Documentation .............................................7-11
Appendix A
Default Settings and Technical Specifications
Appendix B
Related Documents
Index
v1.0, September 2009
xi
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
xii
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
About This Manual
The NETGEAR® Pr oSecur e™ Web/Email Security Thre at Management Appliance STM Refer ence
Manual describes how to configure and troubleshoot a ProSecure Web/Email Security Threat
Management Appliance STM150, STM300, or STM600. The information in this manual is
intended for readers with intermediate computer and networking skills.
Conventions, Formats, and Scope
The conventions, formats, and scope of this manual are described in the following paragraphs:
• Typographical conventions. This manual uses the following typographical conventions:
Italic Emphasis, books, CDs
Bold User input, IP addresses, GUI screen text
Fixed Command prompt, CLI text, code
italic URL links
• Formats. This manual uses the following formats to highlight special messages:
Note: This format is used to highlight information of importance or special interest.
Tip: This format is used to highlight a procedure that will save time or resources.
Warning: Ignoring this type of note might result in a malfunction or damage to the
equipment.
Danger: This is a safety warning. Failure to take heed of this notice might result in
personal injury or death.
v1.0, September 2009
xiii
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
• Scope. This manual is written for the STM according to these specifications:
Product ProSecure Web/Email Security Threat Management Appliance
STM150, STM300, or STM600
Manual Publication Date September 2009
For more information about network, Internet, firewall, and VPN technologies, click the links to
the NETGEAR website in Appendix B, “Related Documents.”
Note: Product updates are available on the NETGEAR website at
http://prosecure.netgear.com or http://kb.netgear.com/app/home.
Note: Go to http://prosecure.netgear.com/community/forum.php for information about
the ProSecure™ forum and to become part of the ProSecure™ community.
How to Print This Manual
T o print this manual, your computer must have the free Adobe Acrobat reader installed in order to
view and print PDF files. The Acrobat reader is available on the Adobe Web site at
http://www.adobe.com.
Tip: If your printer supports printing two pages on a single sheet of paper, you can save
paper and printer ink by selecting this feature.
Revision History
Manual Part
Number
202-10519-01 1.0 September 2009 Initial publication of this reference manual.
xiv
Manual
Ver sion
Number
Publication
Date
Description
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
Chapter 1
Introduction
This chapter provides an overview of the features and capabilities of the ProSecure Web/Email
Security Threat Management Appliance STM150, STM300, or STM600. It also identifies the
physical features of the appliances and the contents of the product packages.
This chapter contains the following sections:
• “What Is the ProSecure Web/Email Security Threat Management Appliance STM150,
STM300, or STM600? on this page.
• “What Can You Do with an STM?” on page 1-2.
• “Key Features and Capabilities” on page 1-3.
• “Service Registration Card with License Keys” on page 1-6.
• “Rear Panel Features” on page 1-14.
• “Bottom Panel With Product Label” on page 1-15.
• “Choosing a Location for the STM” on page 1-17.
What Is the ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or STM600?
The ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or
STM600, hereafter referred to as the STM, is an appliance-based, W eb and e-mail security solution
that protects the network perimeter against Web-borne threats from spyware, viruses, e-mail, and
blended threats. Ideally deployed at the gateway, it serves as the network’s first line of defense
against all types of threats, and complements firewalls, Intrusion Detection Systems (IDS)/
Intrusion Prevention Systems (IPS), dedicated Intranet security products, and endpoint anti-virus
and anti-spyware software.
Powered by patent-pending Stream Scanning technology and backed by one of the most
comprehensive malware databases in the industry, the STM can detect and stop all known spyware
and viruses at the gateway, preventing them from reaching your desktops and servers, where
cleanup would be much more difficult.
Introduction 1-1
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
In addition to scanning HTTP, HTTPS, FTP, SMTP, POP3, and IMAP traffic, the STM protects
networks against spam phishing attacks and unwanted Web use. The STM is a plug-and-play
device that can be installed and configured within minutes.
What Can You Do with an STM?
The STM combines robust protection against malware threats with ease of use and advanced
reporting and notification features to help you deploy and manage the device with minimal effort.
Here are some of the things that you can do with the STM:
• Protect the network instantly. The STM is a plug-and-play security solution that can be
instantly added to networks without requiring network reconfiguration.
• Scan network traffic for malware. Using the patent-pending Stream Scanning technology,
you can configure the STM to scan HTTP, HTTPS, FTP, SMTP, POP3, and IMAP protocols.
Unlike traditional batch-based scan engines that need to cache the entire file before they can
scan, this scan engine checks traffic as it enters the network, ensuring unimpeded network
performance.
• Set access policies for individual users or groups. You can configure W eb and e-mail access
access policies for individual users and groups based on the STM’s local database, on group IP
address, on LDAP domain, group, or user, or on RADIUS VLAN.
• Receive real-time alerts and generate comprehensive reports. You can configure the STM
to send alerts when a malware attack or outbreak is detected on the network. Real-time alerts
can be sent by e-mail, allowing you to monitor malware events wherever you are.
By configuring the STM to send malware alerts, you can isolate and clean the infected
computer before the malware incident can develop into a full-blown outbreak. The STM also
provides comprehensive reports that you can use to analyze network and malware trends.
• Manage through SNMP support. You can enable and configure the STM’ s SNMP settings to
receive SNMP traps through a supported MIB browser.
• Allow automated component updates. Downloading components regularly is the key to
ensuring updated protection against new threats. The STM makes this administrative task
easier by supporting automatic malware pattern, program, and engine updates.
1-2 Introduction
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
Key Features and Capabilities
The STM provides the following key features and capabilities:
• Up to two pairs of 10/100/1000 Mbps Gigabit Ethernet WAN ports (see “STM Model
Comparison” on page 1-5).
• Scalable support (see “STM Model Comparison” on page 1-5) for:
– up to 600 concurrent users
– up to 6000 concurrently scanned HTTP sessions
– up to 239 MB/s HTTP throughput
– up to 960,000 e-mails per hour SMTP throughput.
• Patent-pending Stream Scanning technology that enables scanning of real-time protocols such
as HTTP.
• Comprehensive Web and e-mail inbound and outbound security, covering six major network
protocols: HTTP, HTTPS, FTP, SMTP, POP3, and IMAP.
• URL content filtering with 64 categories.
• Malware database containing hundreds of thousands of signatures of spyware, viruses, and
other malware threats.
• Very frequently updated malware signatures, hourly if required. The STM can automatically
check for new malware signatures as frequently as every 15 minutes.
• Multiple anti-spam technologies to provide extensive protection against unwanted e-mails.
• Spam and malware quarantine for easy analysis.
• Web application control, including access control for instant messaging, media applications,
peer-to-peer applications, and Web-based tools and to olbars.
• User management with LDAP, Active Directory, and RADIUS integration, allowing access
policy configuration per user and per group.
• Easy, Web-based wizard setup for installation and management.
• SNMP-manageable.
• Dedicated management interface. (This feature is model dependent, see “STM Model
Comparison” on page 1-5).
• Hardware bypass port to prevent network disruption in case failure. (This feature is model
dependent, see “STM Model Comparison” on page 1-5).
• Front panel LEDs for easy monitoring of status and activity.
• Internal universal switching power supply.
Introduction 1-3
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
Stream Scanning for Content Filtering
Stream Scanning is based on the simple observation that network traffic travels in streams. The
STM scan engine starts receiving and analyzing traffic as the stream enters the network. As soon
as a number of bytes are available, scanning starts. The scan engine continues to scan more bytes
as they become available, while at the same time another thread starts to deliver the bytes that have
been scanned.
This multithreaded approach, in which the receiving, scanning, and delivering processes occur
concurrently, ensures tha t network performance remains unimpeded. The result is file scanning is
up to five times faster than with traditional anti-virus solutions—a performance advantage that you
will notice.
Stream Scanning also enables organizations to withstand massive spikes in traffic, as in the event
of a malware outbreak. The scan engine has the following capabilities:
• Real-time protection. The patent-pending Stream Scanning technology enables scanning of
previously undefended real-time protocols, such as HTTP. Network activities susceptible to
latency (for example, Web browsing) are no longer brought to a standstill.
• Comprehensive protection. Provides both Web and e-mail security, covering six major
network protocols: HTTP, HTTPS, FTP, SMTP, POP3, and IMAP. The STM uses enterpriseclass scan engines employing both signature-based and Distributed Spam Analysis to stop
both known and unknown threats. The malware database cont ains hundreds of thousands of
signatures of spyware, viruses, and other malware.
• Objectionable traffic protection. The STM prevents objectionable content from reaching
your computers. You can control access to the Internet content by screening for Web
categories, Web addresses, and Web services. You can log and report attempts to access
objectionable Internet sites.
• Automatic signature updates. Malware signatures are updated as frequently as every hour,
and the STM can check automatically for new signatures as frequently as every 15 minutes.
Autosensing Ethernet Connections with Auto Uplink
With its internal 10/100/1000 ports, the STM can connect to either a 10 Mbps standard Ethernet
network, a 100 Mbps Fast Ethernet network, or a 1000 Mbps Gigabit Ethernet network. The
interfaces are autosensing and capable of full-duplex or half-duplex operation.
TM
The STM incorporates Auto Uplink
whether the Ethernet cable plugged into the port should have a “normal” connection such as to a
PC or an “uplink” connection such as to a switch or hub. That port then configures itself to the
correct configuration. This feature eliminates the need to think about crossover cables, as Auto
Uplink accommodates either type of cable to make the right connection.
1-4 Introduction
technology. Each Ethernet port automatically senses
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
Easy Installation and Management
You can install, configure, and operate the STM within minutes after connecting it to the network.
The following features simplify installation and management tasks:
• Browser-based management. Browser-based configuration allows you to easily configure
the STM from almost any type of personal computer, such as Windows, Macintosh, or Linux.
A user-friendly Setup Wizard is provided and online help documentation is built into the
browser-based Web Management Interface.
• SNMP. The STM supports the Simple Network Management Protocol (SNMP) to let you
monitor and manage log resources from an SNMP-compliant system manager. The SNMP
system configuration lets you change the system variables for MIB2.
• Diagnostic functions. The STM incorporates built-in diagnostic functions such as a Ping
utility, Trace-route utility, DNS lookup utility, and remote restart.
• Remote management. The STM allows you to log in to the Web Management Interface from
a remote location on the Internet. For security, you can limit remote management access to a
specified remote IP address or range of addresses.
• Visual monitoring. The STM’s front panel LEDs provide an easy way to monitor its status
and activity.
Maintenance and Support
NETGEAR offers technical support seven days a week, 24 hours a day, according to the terms
identified in the Warranty and Support information card provided with your product.
STM Model Comparison
Table 1-1 compares the three STM models to show the differences:
Table 1-1. Differences Between the STM Models
Feature STM150 STM300 STM600
Performance and Sizing Guidelines
Concurrent Users up to 150 up to 300 up to 600
Web Scan Throughput 43 Mbps 148 Mbps 239 Mbps
Concurrent Scanned HTTP Connections 1500 3000 6000
SMTP Throughput (e-mails per hour) 139,000 420,000 960,000
Introduction 1-5
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
Table 1-1. Differences Between the STM Models (continued)
Feature STM150 STM300 STM600
Hardware
Gigabit RJ-45 Ports Total of 5 ports:
• 1 uplink
• 4 downlink
Gigabit RJ45 Port Pairs with Failure Bypass 0 1 pair of ports 2 pairs of ports
Dedicated Management VLAN RJ45 Ports 0 1 1
a. The STM600 provides two pairs of ports, allowing for support of two separate networks or subnets with strict traffic
separation.
Total of 3 ports:
• 1 pair of ports
(1 uplink and
1 downlink)
• 1 management
Total of 5 ports:
• 2 pairs of ports
(2 uplink and
2 downlink)
• 1 management
Service Registration Card with License Keys
Be sure to store the license key card that came with your STM in a secure location. You do need
these keys to activate your product during the initial setup.
a
Figure 1-1
1-6 Introduction
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
Note: When you reset the STM to the original factory default settings after you have
entered the license keys to activate the STM (see “Registering the STM with
NETGEAR” on page 2-28), the license keys are erased. The license keys and the
different types of licenses that are available for the STM are no longer displayed
on the Registration screen. However, after you have reconfigured the STM to
connect to the Internet and to the NETGEAR registration server, the STM
retrieves and restores all registration information based on its MAC address and
hardware serial number. You do not need to re-enter the license keys and
reactivate the STM.
Package Contents
The STM product package contains the following items:
• ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or
STM600
• One AC power cable
• Rubber feet (4) with adhesive backing
• One rack-mount kit
• Straight through Category 5 Ethernet Cable
• ProSecure™ Web/Email Security Threat Management Applliance STM150, STM300, or
STM600 Installation Guide
• Depending on the model purchased, Service Registration Card with License Key(s)
• Warranty and Support Information Card
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the product for repair.
Hardware Features
The front panel ports and LEDs, rear panel ports, and bottom label of the STM models are
described in this section.
Introduction 1-7
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
1) Power LED
2) Test LED
3) USB Port
4) Uplink Port
5) Downlink Ports
4) Uplink LEDs
5) Downlink LEDs
Front Panel Ports and LEDs
The front panels of the three STM models provide different components.
STM150 Front Panel
Figure 1-2 shows the front panel ports and status light-emitting diodes (LEDs) of the STM150.
Figure 1-2
From left to right, the STM150’s front panel shows the following ports and LEDs:
1. Power LED.
2. Test LED.
3. One non-functioning USB port: this port is included for future management enhancements.
4. One uplink (WAN) Gigabit Ethernet port with an RJ-45 connector, left LED, and right LED.
5. Four downlink (LAN) Gigabit Ethernet ports with RJ-45 connectors, left LEDs, and right
1-8 Introduction
The port is currently not operable on any STM model.
LEDs.
Note: All Gigabit Ethernet ports provide switched N-way, automatic speed-negotiating,
auto MDI/MDIX technology.
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
The function of each STM150 LED is described in the following table:
Table 1-2. LED Descriptions for the STM150
Object Activity Description
Power On (Green) Power is supplied to the STM.
Off Power is not supplied to the STM.
Test On (Amber) during
startup.
Off The system has completed its initialization successfully. The Test LED
Blinking (Amber) The STM is shutting down.
Uplink (WAN) Port
The STM is initializing. After approximately 2 minutes, when the STM
has completed its initialization, the Test LED turns off. If the Test LED
remains on, the initialization has failed.
should be off during normal operation.
Software is being updated.
A hot fix is being installed.
One of the three licenses has expired. To stop the Test LED from
blinking, renew the license, or click the Stop LED Blinking button on
the System Status screen (see “Viewing System Status” on page 6-19).
Left LED Off The WAN port has no physical link, that is, no Ethernet cable is plugged
into the STM.
On (Green) The WAN port has a valid connection with a device that provides an
Internet connection.
Blink (Green) Data is being transmitted or received by the WAN port.
Right LED Off The WAN port is operating at 10 Mbps.
On (Amber) The WAN port is operating at 100 Mbps.
On (Green) The WAN port is operating at 1000 Mbps.
Downlink (LAN) Ports
Left LED Off The LAN port has no link.
On (Green) The LAN port has detected a link with a connected Ethernet device.
Blink (Green) Data is being transmitted or received by the LAN port.
Right LED Off The LAN port is operating at 10 Mbps.
On (Amber) The LAN port is operating at 100 Mbps.
On (Green) The LAN port is operating at 1000 Mbps.
Introduction 1-9
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
3) Status LED
4) HDD LED
5) USB Port
7) Uplink Port
8) Downlink Port
7) Uplink LEDs
8) Downlink LEDs
2) Power LED
1) Console Port
6) Mgmt Port
Front Panel STM300
Figure 1-3 shows the front panel ports and LEDs of the STM300.
Figure 1-3
From left to right, the STM300’s front panel shows the following ports and LEDs:
1. Console port. Port for connecting to an optional console terminal. The ports has a DB9 male
connector. The default baud rate is 9600 K. The pinouts are: (2) Tx, (3) Rx, (5) and (7) Gnd.
2. Power LED.
3. Status LED.
4. Hard drive (HDD) LED.
5. One non-functioning USB port: this port is included for future management enhancements.
The port is currently not operable on any STM model.
6. Dedicated management (Mgmt) Gigabit Ethernet port with an RJ-45 connector.
7. One uplink (WAN) Gigabit Ethernet port with an RJ-45 connector, left LED, and right LED.
8. One downlink (LAN) Gigabit Ethernet port with RJ-45 connectors, left LEDs, and right LED.
Note: All Gigabit Ethernet ports provide switched N-way, automatic speed-negotiating,
auto MDI/MDIX technology.
1-10 Introduction
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
The function of each STM300 LED is described in the following table:
Table 1-3. LED Descriptions for the STM300
Object Activity Description
Power On (Green) Power is supplied to the STM.
Off Power is not supplied to the STM.
Status On (Amber) during
startup.
Off The system has completed its initialization successfully. The Status
Blinking (Amber) The STM is shutting down.
HDD On (Green) Information is being written to the hard drive.
Off No hard drive activity.
The STM is initializing. After approximately 2 minutes, when the STM
has completed its initialization, the Status LED turns off. If the Status
LED remains on, the initialization has failed.
LED should be off during normal operation.
Software is being updated.
A hot fix is being installed.
One of the three licenses has expired. To stop the Status LED from
blinking, renew the license, or click the Stop LED Blinking button on
the System Status screen (see “Viewing System Status” on page 6-19).
Uplink (WAN) Port
Left LED Off The WAN port has no physical link, that is, no Ethernet cable is plugged
into the STM.
On (Green) The WAN port has a valid connection with a device that provides an
Internet connection.
Blink (Green) Data is being transmitted or received by the WAN port.
Right LED Off The WAN port is operating at 10 Mbps.
On (Green) The WAN port is operating at 100 Mbps.
On (Amber) The WAN port is operating at 1000 Mbps.
Downlink (LAN) Ports
Left LED Off The LAN port has no link.
On (Green) The LAN port has detected a link with a connected Ethernet device.
Blink (Green) Data is being transmitted or received by the LAN port.
Right LED Off The LAN port is operating at 10 Mbps.
On (Green) The LAN port is operating at 100 Mbps.
On (Amber) The LAN port is operating at 1000 Mbps.
Introduction 1-11
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
3) Status LED
4) HDD LED
5) USB Port
2) Power LED
1) Console Port
6) Mgmt Port
7) Pair 1 LEDs
8) Pair 2 LEDs
7) Pair 1 Ports
8) Pair 2 Ports
Front Panel STM600
Figure 1-4 shows the front panel ports and LEDs of the STM600.
Figure 1-4
From left to right, the STM600’s front panel shows the following ports and LEDs:
1. Console port. Port for connecting to an optional console terminal. The ports has a DB9 male
connector. The default baud rate is 9600 K. The pinouts are: (2) Tx, (3) Rx, (5) and (7) Gnd.
2. Power LED.
3. Status LED.
4. Hard drive (HDD) LED.
5. One non-functioning USB port: this port is included for future management enhancements.
The port is currently not operable on any STM model.
6. Dedicated management (Mgmt) Gigabit Ethernet port with an RJ-45 connector.
7. Pair 1 uplink (WAN) and downlink (LAN) Gigabit Ethernet ports with RJ-45 connectors, left
LEDs, and right LEDs.
8. Pair 2 uplink (WAN) and downlink (LAN) Gigabit Ethernet ports with RJ-45 connectors, left
LEDs, and right LEDs.
Note: All Gigabit Ethernet ports provide switched N-way, automatic speed-negotiating,
auto MDI/MDIX technology.
1-12 Introduction
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
The function of each STM600 LED is described in the following table:
Table 1-4. LED Descriptions for the STM600
Object Activity Description
Power On (Green) Power is supplied to the STM.
Off Power is not supplied to the STM.
Status On (Amber) during
startup.
Off The system has completed its initialization successfully. The Status
Blinking (Amber) The STM is shutting down.
HDD On (Green) Information is being written to the hard drive.
Off No hard drive activity.
The STM is initializing. After approximately 2 minutes, when the STM
has completed its initialization, the Status LED turns off. If the Status
LED remains on, the initialization has failed.
LED should be off during normal operation.
Software is being updated.
A hot fix is being installed.
One of the three licenses has expired. To stop the Status LED from
blinking, renew the license, or click the Stop LED Blinking button on
the System Status screen (see “Viewing System Status” on page 6-19).
Uplink (WAN) Port
Left LED Off The WAN port has no physical link, that is, no Ethernet cable is plugged
into the STM.
On (Green) The WAN port has a valid connection with a device that provides an
Internet connection.
Blink (Green) Data is being transmitted or received by the WAN port.
Right LED Off The WAN port is operating at 10 Mbps.
On (Green) The WAN port is operating at 100 Mbps.
On (Amber) The WAN port is operating at 1000 Mbps.
Downlink (LAN) Ports
Left LED Off The LAN port has no link.
On (Green) The LAN port has detected a link with a connected Ethernet device.
Blink (Green) Data is being transmitted or received by the LAN port.
Right LED Off The LAN port is operating at 10 Mbps.
On (Green) The LAN port is operating at 100 Mbps.
On (Amber) The LAN port is operating at 1000 Mbps.
Introduction 1-13
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
1) Console Port
2) Lock
3) Power Button
4) Reset Button
5) AC Power Socket
Rear Panel Features
The rear panel of the STM150 differs from the rear panels of the STM300 and STM600.
Rear Panel STM150
Figure 1-5 shows the rear panel components of the STM150.
Figure 1-5
From left to right, the STM150’s rear panel components are:
1. Console port. Port for connecting to an optional console terminal. The ports has a DB9 male
connector. The default baud rate is 9600 K. The pinouts are: (2) Tx, (3) Rx, (5) and (7) Gnd.
2. Kensington lock. Attach an optional Kensington lock to prevent unauthorized removal of the
STM150.
3. Power Button. Press to restart the STM150. Restarting does not reset the STM150 to its
factory defaults.
4. Reset Button. Using a sharp object, press and hold this button for about 10 seconds until the
front panel Test light flashes and the STM150 returns to factory default settings.
5. AC power socket. Attach the power cord to this socket.
1-14 Introduction
Note: If you reset the STM150, all configuration settings are lost and the default
passwords are restored.
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Refer ence Manual
1) Power Switch
2) AC Power Socket
Rear Panel STM300 and STM600
The rear panels of the STM300 and STM600 are identical.
Figure 1-6 shows the rear panel components of the STM300 and STM600.
Figure 1-6
From left to right, the STM300’s and STM600’s rear panel components (excluding the four fan air
outlets) are:
1. Power switch. Switch to turn the STM300 or STM600 on or off. Restarting does not reset the
STM300 or STM600 to its factory defaults.
Note: The STM300 and STM600 do not provide a Reset button. To reset the
STM300 or STM600 to factory default setting using the Web Management
Interface, see “Reverting to Factory Default Settings” on page 3-18.
2. AC power socket. Attach the power cord to this socket.
Bottom Panel With Product Label
The product label on the bottom of the STM’s enclosure displays the STM’s default IP address,
default user name, and default password, as well as regulatory compliance, input power, and other
information.
Introduction 1-15
v1.0, September 2009
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
STM150 Product Label
Figure 1-7
STM300 Product Label
Figure 1-8
1-16 Introduction
v1.0, September 2009
Loading...