into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Support
Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online,
visit us at http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR
Phone (Other Countries): See Support information card.
Product Updates
Product updates are available on the NETGEAR website at http://prosecure.netgear.com or
http://kb.netgear.com/app/home.
ProSecure Forum
Go to http://prosecure.netgear.com/community/forum.php for information about the ProSecure forum and to
become part of the ProSecure community.
Trademarks
NETGEAR, the NETGEAR logo, ReadyNAS, ProSafe, ProSecure, Smart Wizard, Auto Uplink, X-RAID2, and
NeoTV are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, Windows NT, and Vista
are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or
trademarks of their respective holders.
Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes
to the products described in this document without notice. NETGEAR does not assume any liability that may occur
due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
| Manual Part Number | Manual Version Number | Publication Date | Description |
|---|---|---|---|
| 202-10519-06 | 1.0 | February 2011 | Made the following changes (listed after this table). |
| 202-10519-01 | 1.1 | October 2009 | Index update. |
| 202-10519-01 | 1.0 | September 2009 | Initial publication of this reference manual. |

Changes in part number 202-10519-06:
• Upgraded the book to the new format.
• Entirely revised Chapter 6, Monitoring System Access and
Performance, to document the new Logs, Reports, and Alerts
configuration menus that replaced the old Logs & Report
configuration menu.
• Added Appendix A, Report Templates.
• Separated the traffic logs into email traffic logs and Web traffic
logs (see Configuring and Activating System, Email, and Syslog
Logs and Querying Logs).
• Under the Monitoring main navigation menu, replaced all
screen shots that showed the old Logs & Reports configuration
menu with screen shots that show the new Alerts, Logs, and
Reports configuration menus.
• Using the DC Agent (see Understanding the ProSecure DC
Agent, Requirements for the ProSecure DC Agent Software
and DC Agent Server, and Downloading ProSecure DC Agent
Software, and Creating and Deleting DC Agents)
Also added the following minor features:
• Requirement to accept terms of service agreement on the
Real-Time Blacklist screen
• Capability to set the public host, IP address, and port on the
Distributed Spam Analysis screen
• Capability to replace the content of a blocked page with custom
text
• Capability to enable and disable SSLv2
• Refinements in the active users search methods.
• Domain information in the output screens that are accessible
from the Monitoring menu
• Testing a URL as part of the diagnostics tools
Contents
Chapter 1 Introduction
What Is the ProSecure Web/Email Security Threat Management Appliance
Accessing the Knowledge Base and Documentation
Appendix A Report Templates
Appendix B Default Settings and Technical Specifications
Appendix C Related Documents
Appendix D Notification of Compliance
Index
1. Introduction
This chapter provides an overview of the features and capabilities of the ProSecure
Web/Email Security Threat Management Appliance STM150, STM300, and STM600. It also
identifies the physical features of the appliances and the contents of the product packages.
This chapter contains the following sections:
• What Is the ProSecure Web/Email Security Threat Management Appliance STM150,
STM300, or STM600?
• What Can You Do with an STM?
• Key Features and Capabilities
• Service Registration Card with License Keys
• Package Contents
• Hardware Features
• Choosing a Location for the STM
What Is the ProSecure Web/Email Security Threat
Management Appliance STM150, STM300, or STM600?
The ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or
STM600, hereafter referred to as the STM, is an appliance-based, Web and email security
solution that protects the network perimeter against Web-borne threats from spyware,
viruses, email, and blended threats. Ideally deployed at the gateway, it serves as the
network’s first line of defense against all types of threats, and complements firewalls,
intrusion detection systems (IDS)/intrusion prevention systems (IPS), dedicated Intranet
security products, and endpoint antivirus and antispyware software.
Powered by patent-pending Stream Scanning technology and backed by one of the most
comprehensive malware databases in the industry, the STM can detect and stop all known
spyware and viruses at the gateway, preventing them from reaching your desktops and
servers, where cleanup would be much more difficult.
In addition to scanning HTTP, HTTPS, FTP, SMTP, POP3, and IMAP traffic, the STM protects
networks against spam, phishing attacks, and unwanted Web use. The STM is a
plug-and-play device that can be installed and configured within minutes.
The STM combines robust protection against malware threats with ease of use and
advanced reporting and notification features to help you deploy and manage the device with
minimal effort.
Here are some of the things that you can do with the STM:
• Protect the network instantly. The STM is a plug-and-play security solution that can be
instantly added to networks without the need for network reconfiguration.
• Scan network traffic for malware. Using the Stream Scanning technology, you can
configure the STM to scan HTTP, HTTPS, FTP, SMTP, POP3, and IMAP protocols.
Unlike traditional batch-based scan engines that need to cache the entire file before they
can scan, this scan engine checks traffic as it enters the network, ensuring unimpeded
network performance.
• Set access policies for individual users or groups. You can configure Web and email
access policies for individual users and groups based on the STM’s local database, on a
group IP address, on a Lightweight Directory Access Protocol (LDAP) domain, group, or
user, or on a RADIUS VLAN.
• Receive real-time alerts and generate comprehensive reports. You can configure the
STM to send alerts when a malware attack or outbreak is detected on the network.
Real-time alerts can be sent by email, allowing you to monitor malware events wherever
you are.
By configuring the STM to send malware alerts, you can isolate and clean the infected
computer before the malware incident can develop into a full-blown outbreak. The STM
also provides comprehensive reports that you can use to analyze network and malware
trends.
• Manage through SNMP support. You can enable and configure the STM’s Simple
Network Management Protocol (SNMP) settings to receive SNMP traps through a
supported management information base (MIB) browser.
• Allow automated component updates. Downloading components regularly is the key to
ensuring updated protection against new threats. The STM makes this administrative
task easier by supporting automatic malware pattern, program, and engine updates.
Key Features and Capabilities
The STM provides the following key features and capabilities:
• Up to two pairs of 10/100/1000 Mbps Gigabit Ethernet WAN ports (see STM Model
Comparison on page 12).
• Scalable support (see STM Model Comparison on page 12) for:
• Stream Scanning technology that enables scanning of real-time protocols such as HTTP.
• Comprehensive Web and email inbound and outbound security, covering six major
network protocols: HTTP, HTTPS, FTP, SMTP, POP3, and IMAP.
• URL content filtering with 64 categories.
• Malware database containing hundreds of thousands of signatures of spyware, viruses,
and other malware threats.
• Very frequently updated malware signatures, hourly if required. The STM can
automatically check for new malware signatures as frequently as every 15 minutes.
• Multiple antispam technologies to provide extensive protection against unwanted emails.
• Spam and malware quarantine for easy analysis.
• Web application control, including access control for instant messaging, media
applications, peer-to-peer applications, and Web-based tools and toolbars.
• User management with LDAP, Active Directory, and RADIUS integration, allowing you to
configure access policies per user and per group.
• Easy, Web-based wizard setup for installation and management.
• SNMP-manageable.
• Dedicated management interface. (This feature is model dependent; see STM Model
Comparison on page 12.)
• Hardware bypass port to prevent network disruption in case of failure. (This feature is
model dependent; see STM Model Comparison on page 12.)
• Front panel LEDs for easy monitoring of status and activity.
• Internal universal switching power supply.
Stream Scanning for Content Filtering
Stream Scanning is based on the simple observation that network traffic travels in streams.
The STM scan engine starts receiving and analyzing traffic as the stream enters the network.
As soon as a number of bytes are available, scanning starts. The scan engine continues to
scan more bytes as they become available, while at the same time another thread starts to
deliver the bytes that have been scanned.
This multithreaded approach, in which the receiving, scanning, and delivering processes
occur concurrently, ensures that network performance remains unimpeded. The result is file
scanning that is up to five times faster than with traditional antivirus solutions—a performance
advantage that you will notice.
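A minimal sketch of the receive/scan/deliver pipeline described above, added here as an illustration; it is not NETGEAR's Stream Scanning implementation, and the signature strings, queue depth, and function names are constructed for the example. It shows a detail the description leaves implicit: the scanner has to hold back the last few bytes of each chunk so that a signature split across two chunks is caught before any part of it is delivered.

```python
"""Toy receive/scan/deliver pipeline illustrating stream scanning."""
import queue
import threading

# Constructed byte patterns standing in for malware signatures (not real ones).
SIGNATURES = [b"DEMO-SIG-ALPHA", b"DEMO-SIG-BRAVO-LONGER"]
_END = object()  # sentinel marking the end of a stream


def receiver(chunks, rx_q):
    """Receiving stage: hand each chunk to the scanner as soon as it arrives."""
    for chunk in chunks:
        rx_q.put(chunk)
    rx_q.put(_END)


def scanner(rx_q, tx_q, signatures, result):
    """Scanning stage: scan chunks as they arrive and release only bytes that
    can no longer be the start of a signature completed by a later chunk."""
    hold = max(len(s) for s in signatures) - 1  # bytes to hold back per chunk
    tail = b""    # scanned but not yet released bytes
    offset = 0    # stream offset of tail[0]
    while True:
        chunk = rx_q.get()
        if chunk is _END:
            tx_q.put(tail)  # stream ended cleanly: release what was held back
            break
        window = tail + chunk
        hits = [(window.find(s), s) for s in signatures if s in window]
        if hits:
            pos, sig = min(hits)  # earliest match in the window
            result.update(blocked=True, signature=sig, offset=offset + pos)
            while rx_q.get() is not _END:  # discard the rest of the stream
                pass
            break
        release = max(len(window) - hold, 0)
        tx_q.put(window[:release])
        tail = window[release:]
        offset += release
    tx_q.put(_END)


def deliverer(tx_q, out):
    """Delivering stage: forward released bytes (here, into a buffer)."""
    while True:
        data = tx_q.get()
        if data is _END:
            break
        out.extend(data)


def stream_scan(chunks, signatures=SIGNATURES, depth=4):
    """Run the three stages concurrently; return (delivered bytes, verdict)."""
    rx_q, tx_q = queue.Queue(maxsize=depth), queue.Queue(maxsize=depth)
    delivered = bytearray()
    result = {"blocked": False, "signature": None, "offset": None}
    stages = [
        threading.Thread(target=receiver, args=(chunks, rx_q)),
        threading.Thread(target=scanner, args=(rx_q, tx_q, signatures, result)),
        threading.Thread(target=deliverer, args=(tx_q, delivered)),
    ]
    for stage in stages:
        stage.start()
    for stage in stages:
        stage.join()
    return bytes(delivered), result


def chunked(data, size):
    """Split a byte string into fixed-size chunks, as a socket read might."""
    return [data[i:i + size] for i in range(0, len(data), size)]


if __name__ == "__main__":
    # Constructed sample: the signature starts at offset 60 and straddles the
    # boundary between the first and second 64-byte chunks.
    body = b"x" * 60 + b"DEMO-SIG-ALPHA" + b"y" * 200
    delivered, verdict = stream_scan(chunked(body, 64))
    print(verdict, "delivered", len(delivered), "bytes before blocking")
```

A batch scanner would buffer the whole body before releasing anything; here the only added latency is the held-back tail, one byte shorter than the longest signature.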
Stream Scanning also enables organizations to withstand massive spikes in traffic, as in the
event of a malware outbreak. The scan engine has the following capabilities:
• Real-time protection. The Stream Scanning technology enables scanning of previously
undefended real-time protocols, such as HTTP. Network activities susceptible to latency
(for example, Web browsing) are no longer brought to a standstill.
• Comprehensive protection. Provides both Web and email security, covering six major
network protocols: HTTP, HTTPS, FTP, SMTP, POP3, and IMAP. The STM uses
enterprise-class scan engines employing both signature-based and distributed spam
analysis to stop both known and unknown threats. The malware database contains
hundreds of thousands of signatures of spyware, viruses, and other malware.
• Objectionable traffic protection. The STM prevents objectionable content from
reaching your computers. You can control access to the Internet content by screening for
Web categories, Web addresses, and Web services. You can log and report attempts to
access objectionable Internet sites.
• Automatic signature updates. Malware signatures are updated as frequently as every
hour, and the STM can check automatically for new signatures as frequently as every 15
minutes.
Autosensing Ethernet Connections with Auto Uplink
With its internal 10/100/1000 ports, the STM can connect to either a 10 Mbps standard
Ethernet network, a 100 Mbps Fast Ethernet network, or a 1000 Mbps Gigabit Ethernet
network. The interfaces are autosensing and capable of full-duplex or half-duplex operation.
The STM incorporates Auto Uplink™ technology. Each Ethernet port automatically senses
whether the Ethernet cable plugged into the port should have a “normal” connection such as
to a PC or an “uplink” connection such as to a switch or hub. That port then configures itself
correctly. This feature eliminates the need to think about crossover cables, as Auto Uplink
accommodates either type of cable to make the right connection.
Easy Installation and Management
You can install, configure, and operate the STM within minutes after connecting it to the
network. The following features simplify installation and management tasks:
• Browser-based management. Browser-based configuration allows you to easily
configure the STM from almost any type of operating system, such as Windows,
Macintosh, or Linux. A user-friendly Setup Wizard is provided, and online help
documentation is built into the browser-based Web Management Interface.
• SNMP. The STM supports SNMP to let you monitor and manage log resources from an
SNMP-compliant system manager. The SNMP system configuration lets you change the
system variables for MIB2.
• Diagnostic functions. The STM incorporates built-in diagnostic functions such as a ping
utility, traceroute utility, DNS lookup utility, and remote restart.
• Remote management. The STM allows you to log in to the Web Management Interface
from a remote location on the Internet. For security, you can limit remote management
access to a specified remote IP address or range of addresses.
• Visual monitoring. The STM’s front panel LEDs provide an easy way to monitor its
NETGEAR offers technical support seven days a week, 24 hours a day. Information about
support is available on the NETGEAR ProSecure website at
http://prosecure.netgear.com/support/index.php.
STM Model Comparison
The following table compares the three STM models to show the differences:
Table 1. Differences between the STM Models
| Feature | STM150 | STM300 | STM600 |
|---|---|---|---|
| Performance and Sizing Guidelines | | | |
| Concurrent users | Up to 150 | Up to 300 | Up to 600 |
| Web scan throughput | 42 Mbps | 136 Mbps | 307 Mbps |
| Concurrent scanned HTTP connections | 1500 | 3000 | 6000 |
| SMTP throughput (emails per hour) | 122,000 | 355,000 | 550,000 |
| Hardware | | | |
| Gigabit RJ-45 ports | Total of 5 ports: 1 uplink, 4 downlink | Total of 3 ports: 1 pair of ports (1 uplink and 1 downlink), 1 management | Total of 5 ports: 2 pairs of ports (2 uplink and 2 downlink), 1 management |
| Gigabit RJ45 port pairs with failure bypass | 0 | 1 pair of ports | 2 pairs of ports |
| Dedicated management VLAN RJ45 ports | 0 | 1 | 1 |

a. The STM600 provides two pairs of ports, allowing for support of two separate networks or subnets with
strict traffic separation.
Service Registration Card with License Keys
Be sure to store the license key card that came with your STM in a secure location. You do
need these keys to activate your product during the initial setup.
Note: If you reset the STM to the original factory default settings after you
have entered the license keys to activate the STM (see Registering
the STM with NETGEAR on page 50), the license keys are erased.
The license keys and the different types of licenses that are
available for the STM are no longer displayed on the Registration
screen. However, after you have reconfigured the STM to connect to
the Internet and to the NETGEAR registration server, the STM
retrieves and restores all registration information based on its MAC
address and hardware serial number. You do not need to reenter the
license keys and reactivate the STM.
Package Contents
The STM product package contains the following items:
• ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or
• ProSecure™ Web/Email Security Threat Management Appliance STM150, STM300, or
STM600 Installation Guide
• Depending on the model purchased, service registration card with one or more license
keys
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep
the carton, including the original packing materials, in case you need to return the product for
repair.
Hardware Features
The front panel ports and LEDs, rear panel ports, and bottom label of the STM models are
described in this section.
Front Panel Ports and LEDs
The front panels of the three STM models provide different components.
STM150 Front Panel
The following figure shows the front panel ports and status light-emitting diodes (LEDs) of the
STM150:
Figure 2. STM150 front panel, with callouts: 1) Power LED, 2) Test LED, 3) USB port, 4) Uplink port and uplink LEDs, 5) Downlink ports and downlink LEDs.
From left to right, the STM150’s front panel shows the following ports and LEDs:
1. Power LED.
2. Test LED.
3. One nonfunctioning USB port. This port is included for future management enhancements.
The port is currently not operable on any STM model.
4. One uplink (WAN) Gigabit Ethernet port with an RJ-45 connector, left LED, and right LED.
5. Four downlink (LAN) Gigabit Ethernet ports with RJ-45 connectors, left LEDs, and right
Note: All Gigabit Ethernet ports provide switched N-way, automatic
speed-negotiating, auto MDI/MDIX technology.
The function of each STM150 LED is described in the following table:
Table 2. LED Descriptions for the STM150
| Object | Activity | Description |
|---|---|---|
| Power | On (green) | Power is supplied to the STM. |
| Power | Off | Power is not supplied to the STM. |
| Test | On (amber) during startup | The STM is initializing. After approximately 2 minutes, when the STM has completed its initialization, the Test LED turns off. If the Test LED remains on, the initialization has failed. |
| Test | Off | The system has completed its initialization successfully. The Test LED should be off during normal operation. |
| Test | Blinking (amber) | The STM is shutting down. Software is being updated. A hotfix is being installed. One of the three licenses has expired. To stop the Test LED from blinking, renew the license, or click the Stop LED Blinking button on the System Status screen (see Viewing System Status on page 192). |
| Uplink (WAN) Port | | |
| Left LED | Off | The WAN port has no physical link, that is, no Ethernet cable is plugged into the STM. |
| Left LED | On (green) | The WAN port has a valid connection with a device that provides an Internet connection. |
| Left LED | Blink (green) | Data is being transmitted or received by the WAN port. |
| Right LED | Off | The WAN port is operating at 10 Mbps. |
| Right LED | On (amber) | The WAN port is operating at 100 Mbps. |
| Right LED | On (green) | The WAN port is operating at 1000 Mbps. |
| Downlink (LAN) Ports | | |
| Left LED | Off | The LAN port has no link. |
| Left LED | On (green) | The LAN port has detected a link with a connected Ethernet device. |
| Left LED | Blink (green) | Data is being transmitted or received by the LAN port. |
The function of each STM300 LED is described in the following table:
Table 3. LED Descriptions for the STM300
| Object | Activity | Description |
|---|---|---|
| Power | On (green) | Power is supplied to the STM. |
| Power | Off | Power is not supplied to the STM. |
| Status | On (amber) during startup | The STM is initializing. After approximately 2 minutes, when the STM has completed its initialization, the Status LED turns off. If the Status LED remains on, the initialization has failed. |
| Status | Off | The system has completed its initialization successfully. The Status LED should be off during normal operation. |
| Status | Blinking (amber) | The STM is shutting down. Software is being updated. A hotfix is being installed. One of the three licenses has expired. To stop the Status LED from blinking, renew the license, or click the Stop LED Blinking button on the System Status screen (see Viewing System Status on page 192). |
| HDD | On (green) | Information is being written to the hard drive. |
| HDD | Off | No hard drive activity. |
| Uplink (WAN) Port | | |
| Left LED | Off | The WAN port has no physical link, that is, no Ethernet cable is plugged into the STM. |
| Left LED | On (green) | The WAN port has a valid connection with a device that provides an Internet connection. |
| Left LED | Blink (green) | Data is being transmitted or received by the WAN port. |
| Right LED | Off | The WAN port is operating at 10 Mbps. |
| Right LED | On (green) | The WAN port is operating at 100 Mbps. |
| Right LED | On (amber) | The WAN port is operating at 1000 Mbps. |
| Downlink (LAN) Ports | | |
| Left LED | Off | The LAN port has no link. |
| Left LED | On (green) | The LAN port has detected a link with a connected Ethernet device. |
| Left LED | Blink (green) | Data is being transmitted or received by the LAN port. |
| Right LED | Off | The LAN port is operating at 10 Mbps. |
| Right LED | On (green) | The LAN port is operating at 100 Mbps. |
| Right LED | On (amber) | The LAN port is operating at 1000 Mbps. |
The function of each STM600 LED is described in the following table:
Table 4. LED Descriptions for the STM600
| Object | Activity | Description |
|---|---|---|
| Power | On (green) | Power is supplied to the STM. |
| Power | Off | Power is not supplied to the STM. |
| Status | On (amber) during startup | The STM is initializing. After approximately 2 minutes, when the STM has completed its initialization, the Status LED turns off. If the Status LED remains on, the initialization has failed. |
| Status | Off | The system has completed its initialization successfully. The Status LED should be off during normal operation. |
| Status | Blinking (amber) | The STM is shutting down. Software is being updated. A hotfix is being installed. One of the three licenses has expired. To stop the Status LED from blinking, renew the license, or click the Stop LED Blinking button on the System Status screen (see Viewing System Status on page 192). |
| HDD | On (green) | Information is being written to the hard drive. |
| HDD | Off | No hard drive activity. |
| Uplink (WAN) Port | | |
| Left LED | Off | The WAN port has no physical link, that is, no Ethernet cable is plugged into the STM. |
| Left LED | On (green) | The WAN port has a valid connection with a device that provides an Internet connection. |
| Left LED | Blink (green) | Data is being transmitted or received by the WAN port. |
| Right LED | Off | The WAN port is operating at 10 Mbps. |
| Right LED | On (green) | The WAN port is operating at 100 Mbps. |
| Right LED | On (amber) | The WAN port is operating at 1000 Mbps. |
| Downlink (LAN) Ports | | |
| Left LED | Off | The LAN port has no link. |
| Left LED | On (green) | The LAN port has detected a link with a connected Ethernet device. |
| Left LED | Blink (green) | Data is being transmitted or received by the LAN port. |
| Right LED | Off | The LAN port is operating at 10 Mbps. |
| Right LED | On (green) | The LAN port is operating at 100 Mbps. |
| Right LED | On (amber) | The LAN port is operating at 1000 Mbps. |
The product label on the bottom of the STM’s enclosure displays the STM’s default IP
address, default user name, and default password, as well as regulatory compliance, input
power, and other information.
The STM is suitable for use in an office environment where it can be freestanding (on its
runner feet) or mounted into a standard 19-inch equipment rack. Alternatively, you can
rack-mount the STM in a wiring closet or equipment room. A mounting kit, containing two
mounting brackets and four screws, is provided in the STM package.
Consider the following when deciding where to position the STM:
• The unit is accessible and cables can be connected easily.
• Cabling is away from sources of electrical noise. These include lift shafts, microwave
ovens, and air-conditioning units.
• Water or moisture cannot enter the case of the unit.
• Airflow around the unit and through the vents in the side of the case is not restricted.
Provide a minimum of 25 mm or 1 inch clearance.
• The air is as free of dust as possible.
• Temperature operating limits are not likely to be exceeded. Install the unit in a clean,
air-conditioned environment. For information about the recommended operating
temperatures for the STM, see Appendix B, Default Settings and Technical Specifications.
Use the mounting kit for the STM to install the appliance in a rack. (A mounting kit is provided
in the product package for the STM.) The mounting brackets that are supplied with the STM
are usually installed before the unit is shipped out. If the brackets are not yet installed, attach
them using the supplied hardware.
Figure 10.
Before mounting the STM in a rack, verify that:
• You have the correct screws (supplied with the installation kit).
• The rack onto which you will mount the STM is suitably located.
2. Using the Setup Wizard to Provision the
STM in Your Network
This chapter describes provisioning the STM in your network. This chapter contains the
following sections:
• Choosing a Deployment Scenario
• Understanding the Steps for Initial Connection
• Logging In to the STM
• Using the Setup Wizard to Perform the Initial Configuration
• Verifying Correct Installation
• Registering the STM with NETGEAR
• What to Do Next
Choosing a Deployment Scenario
The STM is an inline transparent bridge appliance that can easily be deployed to any point
on the network without the need for network reconfiguration or additional hardware.
The following are the most common deployment scenarios for the STM. Depending on your
network environment and the areas that you want to protect, you can choose one or a
combination of the deployment scenarios that are described in the following sections:
• Gateway Deployment
• Server Group
• Segmented LAN Deployment
Gateway Deployment
In a typical gateway deployment scenario, a single STM appliance is installed at the
gateway—between the firewall and the LAN core switch—to protect the network against all
malware threats entering and leaving the gateway. Installing the STM behind the firewall
protects it from denial of service (DoS) attacks.
The following figure shows a typical gateway deployment scenario:
Figure 11.
Server Group
In a server group deployment, one STM appliance is installed at the gateway and another in
front of the server group to help protect the email server from threats from internal as well as
external clients. This type of deployment splits the network load and provides the email
server with dedicated protection against malware threats, including email-borne viruses and
spam. The following figure shows a typical server group deployment scenario:
Figure 12.
In a segmented LAN deployment, one STM appliance is installed in front of each network
segment. VLAN traffic can pass through the STM and can be scanned by the STM. This type
of deployment splits the network load and protects network segments from malware threats
coming in through the gateway or originating from other segments. The following figure
shows a typical segmented LAN deployment scenario:
Figure 13.
Understanding the Steps for Initial Connection
Generally, five steps are required to complete the basic and security configuration of your
STM:
1. Connect the STM physically to your network. Connect the cables and restart your
network according to the instructions in the installation guide. See the ProSecure™
Web/Email Security Threat Management Appliance STM150, STM300, or STM600
Installation Guide for complete steps. A PDF of the Installation Guide is on the
4. Verify the installation. See Verifying Correct Installation on page 49.
5. Register the STM. See Registering the STM with NETGEAR on page 50.
Each of these tasks is described separately in this chapter.
Qualified Web Browsers
To configure the STM, you need to use a Web browser such as Microsoft Internet Explorer
5.1 or later, Mozilla Firefox 1.x or later, or Apple Safari 1.2 or later with JavaScript, cookies,
and SSL enabled.
Although these Web browsers are qualified for use with the STM’s Web Management
Interface, SSL VPN users should choose a browser that supports JavaScript, Java, cookies,
SSL, and ActiveX to take advantage of the full suite of applications. Note that Java is required
only for the SSL VPN portal, not for the Web Management Interface.
Logging In to the STM
To connect to the STM, your computer needs to be configured to obtain an IP address
automatically from the STM via DHCP. For instructions on how to configure your computer for
DHCP, see the document that you can access from Preparing Your Network in Appendix C.
To connect and log in to the STM:
1. Start any of the qualified browsers, as explained in Qualified Web Browsers on this
page.
2. Enter https://192.168.1.201 in the address field.
Figure 14.
Note: The STM factory default IP address is 192.168.1.201. If you change
the IP address, you need to use the IP address that you assigned to
the STM to log in to the STM.
The NETGEAR Configuration Manager Login screen displays in the browser (see the
following figure, which shows the STM300).
3. In the User Name field, type admin. Use lowercase letters.
4. In the Password field, type password. Here, too, use lowercase letters.
Note: The STM user name and password are not the same as any user
name or password you might use to log in to your Internet
connection.
Note: The first time that you remotely connect to the STM with a browser
via an SSL VPN connection, you might get a warning message
regarding the SSL certificate. If you are using a Windows computer
with Internet Explorer 5.5 or later, simply click Yes to accept the
certificate. Other browsers provide you with similar options to accept
and install the SSL certificate.
If you connect to the STM through the User Portal Login screen (see
Figure 88 on page 156), you can import the STM’s root certificate by
clicking the link at the bottom of the screen.
5. Click Login. The Web Management Interface displays, showing the Dashboard screen (see
the following figure, which shows only the top part of the screen). For information about this
screen, see Understanding the Information on the Dashboard Screen on page 184.
Note: During the initial setup, the Setup Wizard displays when you first log
in; afterward the login takes you to the Dashboard screen.
Figure 16.
Note: After 5 minutes of inactivity (the default login time-out), you are
automatically logged out.
Understanding the Web Management Interface Menu Layout
The following figure shows the menu at the top of the STM300’s Web Management Interface.
The Web Management Interface layouts of the STM150 and STM600 are identical to the
STM300.
The Web Management Interface menu consists of the following components:
• 1st Level: Main navigation menu links. The main navigation menu in the orange bar
across the top of the Web Management Interface provides access to all the configuration
functions of the STM, and remains constant. When you select a main navigation menu
link, the letters are displayed in white against an orange background.
• 2nd Level: Configuration menu links. The configuration menu links in the gray bar
(immediately below the main navigation menu bar) change according to the main
navigation menu link that you select. When you select a configuration menu link, the
letters are displayed in white against a gray background.
• 3rd Level: Submenu tabs. Each configuration menu item has one or more submenu
tabs that are listed below the gray menu bar. When you select a submenu tab, the text is
displayed in white against a blue background.
The bottom of each screen provides action buttons. The nature of the screen determines
which action buttons are shown. The following figure shows an example:
Figure 18.
Any of the following action buttons might be displayed on screen (this list might not be
complete):
• Apply. Save and apply the configuration.
• Reset. Reset the configuration to default values.
• Test. Test the configuration before you decide whether or not to save and apply the
configuration.
• Auto Detect. Enable the STM to detect the configuration automatically and suggest
values for the configuration.
• Next. Go to the next screen (for wizards).
• Back. Go to the previous screen (for wizards).
• Search. Perform a search operation.
When a screen includes a table, table buttons are displayed to let you configure the table
entries. The nature of the screen determines which table buttons are shown. The following
figure shows an example:
Figure 19.
Any of the following table buttons might be displayed on screen:
• Select All. Select all entries in the table.
• Delete. Delete the selected entry or entries from the table.
• Enable. Enable the selected entry or entries in the table.
• Disable. Disable the selected entry or entries in the table.
• Add. Add an entry to the table.
• Edit. Edit the selected entry.
• Up. Move the selected entry up in the table.
• Down. Move the selected entry down in the table.
Almost all screens and sections of screens have an accompanying help screen. To open the
help screen, click the question mark icon.
Using the Setup Wizard to Perform the Initial
Configuration
The Setup Wizard facilitates the initial configuration of the STM by taking you through
11 screens, the last of which allows you to save the configuration.
To start the Setup Wizard:
1. Select Global Settings > Network Settings from the menu. The Network Settings
submenu tabs display with the Network Settings screen in view.
2. From the Network Settings configuration menu, select Setup Wizard.
The following sections explain the 11 configuration screens of the Setup Wizard. On the 10th
screen, you can save your configuration. The 11th screen is just an informational screen.
The tables in the following sections explain the buttons and fields of the Setup Wizard
screens. Additional information about the settings in the Setup Wizard screens is provided in
other chapters that explain manual configuration; each following section provides a specific
link to a section in another chapter.
Setting: Description (or Subfield and Description)
Management Interface Settings
System Name: The name for the STM for purposes of identification and management. The default
name is the name of your model (STM150, STM300, or STM600).
IP Address: Enter the IP address of the STM through which you will access the Web
Management Interface. The factory default IP address is 192.168.1.201.
Note: If you change the IP address of the STM while being connected through the
browser, you will be disconnected. You then need to open a new connection to the
new IP address and log in again. For example, if you change the default IP address
from 192.168.1.201 to 10.0.0.1, you need to enter https://10.0.0.1 in your browser
to reconnect to the Web Management Interface.
Subnet Mask: Enter the IP subnet mask. The subnet mask specifies the network number portion of
an IP address. Unless you are implementing subnetting, use 255.255.255.0 as the
subnet mask.
Gateway Address: Enter the IP address of the gateway through which the STM is accessed.
Primary DNS: Specify the IP address for the primary DNS server.
Secondary DNS: As an option, specify the IP address for the secondary DNS server.
MTU Settings
Maximum Transmission Unit: The maximum transmission unit (MTU) is the largest physical packet size that a
network can transmit. Packets that are larger than the MTU value are divided into
smaller packets before they are sent, an action that prolongs the transmission
process. For most Ethernet networks the MTU value is 1500 bytes, which is the
default setting.
Note: NETGEAR recommends synchronizing the STM’s MTU setting with that of
your network to prevent delays in transmission.
Enter the settings as explained in the following table, and then click Next to go to the following
screen.
Note: After you have completed the steps in the Setup Wizard, you can
make changes to the date and time by selecting Administration >
System Date & Time. For more information about these settings,
see Configuring Date and Time Service on page 74.
Table 6. Setup Wizard Step 3: System Date and Time Settings
Setting: Description (or Subfield and Description)
System Date and Time
From the drop-down list, select an NTP server, or select to enter the time manually.
Use Default NTP Servers: The STM regularly updates its real-time clock (RTC), which it uses for scheduling,
by contacting a default NETGEAR NTP server on the Internet. This is the default
setting.
Use Custom NTP Servers: The STM regularly updates its RTC by contacting one of the two NTP servers
(primary and backup), both of which you need to specify in the fields that become
available when you select this option.
Note: If you select this option but leave either the Server 1 or Server 2 field blank,
both fields are automatically set to the default NETGEAR NTP servers.
Note: A list of public NTP servers is available at
http://support.ntp.org/bin/view/Servers/WebHome.
• Server 1 Name / IP Address: Enter the IP address or host name of the primary NTP server.
• Server 2 Name / IP Address: Enter the IP address or host name of the secondary NTP
server.
Manually Enter the Date and Time:
• Date: Enter the date in the yyyy-mm-dd (year-month-date) format.
• Time: Enter the time in the hh-mm-ss (hour-minutes-seconds) format.
Time Zone
From the drop-down list, select the local time zone in which the STM operates. The correct time zone is required
in order for scheduling to work correctly. You do not need to configure daylight savings time, which is applied
automatically when applicable. Greenwich Mean Time (GMT) is the default setting.
Note: When you select a time zone that is not associated with a location, such as (GMT -08:00) GMT-8, daylight
savings time is automatically disabled. When you select a time zone that is associated with a location, such as
(GMT -08:00) Pacific Time (US & Canada), daylight savings time is automatically enabled.
Enter the settings as explained in the following table, and then click Next to go to the following
screen.
Note: After you have completed the steps in the Setup Wizard, you can
make changes to the email security settings by selecting Email
Security > Policy or Email Security > Anti-Virus. The Email
Anti-Virus screen also lets you specify notification settings and email
alert settings. For more information about these settings, see
Configuring Email Protection on page 87.
Tip: To enhance performance, you can disable scanning of any protocols that
are seldom or never used. Be mindful of the difference between user- and
server-generated traffic. For example, your mail server might not use
IMAP, but some users might configure IMAP clients.
Setting: Description (or Subfield and Description)
Services to Scan
SMTP: SMTP scanning is enabled by default on standard service port 25.
POP3: POP3 scanning is enabled by default on standard service port 110.
IMAP: IMAP scanning is enabled by default on standard service port 143.
To disable any of these services, clear the corresponding check box. You can change
the standard service port or add another port in the corresponding Ports to Scan field.
Scan Action
SMTP: From the SMTP drop-down list, specify one of the following actions to be taken when an infected
email is detected:
• Quarantine attachment. The email is not blocked, but the attachment is removed and placed in
the malware quarantine for further research. In addition, a malware quarantine log entry is
created, and depending on the nature of the malware threat, also a virus log entry or a spyware
log entry.
• Delete attachment. The email is not blocked, but the attachment is deleted, and a virus log entry
or a spyware log entry is created.
• Block infected email. This is the default setting. The email is blocked, and a virus log entry or
a spyware log entry is created.
• Quarantine infected email. The email is placed in the malware quarantine for further research.
In addition, a malware quarantine log entry is created, and depending on the nature of the
malware threat, also a virus log entry or a spyware log entry.
• Log only. Only a virus log entry or a spyware log entry is created. The email is not blocked and
the attachment is not deleted.
POP3: From the POP3 drop-down list, specify one of the following actions to be taken when an infected
email is detected:
• Quarantine attachment. The email is not blocked, but the attachment is removed and placed in
the malware quarantine for further research. In addition, a malware quarantine log entry is
created, and depending on the nature of the malware threat, also a virus log entry or a spyware
log entry.
• Delete attachment. This is the default setting. The email is not blocked, but the attachment is
deleted, and a virus log entry or a spyware log entry is created.
• Log only. Only a virus log entry or a spyware log entry is created. The email is not blocked and
the attachment is not deleted.
IMAP: From the IMAP drop-down list, specify one of the following actions to be taken when an infected
email is detected:
• Quarantine attachment. The email is not blocked, but the attachment is removed and placed in
the malware quarantine for further research. In addition, a malware quarantine log entry is
created, and depending on the nature of the malware threat, also a virus log entry or a spyware
log entry.
• Delete attachment. This is the default setting. The email is not blocked, but the attachment is
deleted, and a virus log entry or a spyware log entry is created.
• Log only. Only a virus log entry or a spyware log entry is created. The email is not blocked and
the attachment is not deleted.
Scan Exceptions
From the drop-down list, specify one of the following actions to be taken when an email attachment exceeds the
size that you specify in the file size field:
• Skip. The file is not scanned but skipped, leaving the end user vulnerable. This is the default setting.
• Block. The file is blocked and does not reach the end user.
The default and maximum file sizes are as follows:
• For the STM600, the default setting is to block any attachment larger than 10240 KB. The maximum file size
that you can specify is 51200 KB.
• For the STM300, the default setting is to block any attachment larger than 10240 KB. The maximum file size
that you can specify is 25600 KB.
• For the STM150, the default setting is to block any attachment larger than 8192 KB. The maximum file size
that you can specify is 25600 KB.
Note: Setting the maximum file size to a high value might affect the STM’s performance. NETGEAR
recommends the default value, which is sufficient to detect the vast majority of threats.
Setup Wizard Step 5 of 11: Web Security
Figure 24.
Enter the settings as explained in the following table, and then click Next to go to the following
screen.
Note: After you have completed the steps in the Setup Wizard, you can
make changes to the Web security settings by selecting Web
Security > Policy or Web Security > HTTP/HTTPS > Malware
Scan. The Malware Scan screen also lets you specify HTML
scanning and notification settings. For more information about these
settings, see Configuring Web and Services Protection on page 105.
Table 8. Setup Wizard Step 5: Web Security Settings
Setting: Description (or Subfield and Description)
Services to Scan
HTTP: HTTP scanning is enabled by default on standard service port 80.
To disable Hypertext Transfer Protocol (HTTP) scanning, clear the corresponding check box.
You can change the standard service port or add another port in the corresponding
Ports to Scan field.
HTTPS: HTTPS scanning is disabled by default.
To enable Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) scanning, select the
corresponding check box. You can change the standard service port (number 443)
or add another port in the corresponding Ports to Scan field.
FTP: FTP scanning is enabled by default on standard service port 21.
To disable File Transfer Protocol (FTP) scanning, clear the corresponding check box.
You can change the standard service port or add another port in the corresponding
Ports to Scan field.
Scan Action
HTTP: From the HTTP drop-down list, specify one of the following actions to be taken when an infected
Web file or object is detected:
• Quarantine file. The Web file or object is removed and placed in the malware quarantine for
further research. In addition, a malware quarantine log entry is created, and depending on the
nature of the malware threat, also a virus log entry or spyware log entry.
• Delete file. This is the default setting. The Web file or object is deleted, and a virus log entry or
spyware log entry is created.
• Log only. Only a virus log entry or spyware log entry is created. The Web file or object is not
deleted.
Select the Streaming check box to enable streaming of partially downloaded and scanned HTTP
file parts to the end user. This method allows the user to experience more transparent Web
downloading. Streaming is enabled by default.
HTTPS: From the HTTPS drop-down list, specify one of the following actions to be taken when an infected
Web file or object is detected:
• Quarantine file. The Web file or object is removed and placed in the malware quarantine for
further research. In addition, a malware quarantine log entry is created, and depending on the
nature of the malware threat, also a virus log entry or spyware log entry.
• Delete file. This is the default setting. The Web file or object is deleted, and a virus log entry or
spyware log entry is created.
• Log only. Only a virus log entry or spyware log entry is created. The Web file or object is not
deleted.
Select the Streaming check box to enable streaming of partially downloaded and scanned HTTPS
file parts to the end user. This method allows the user to experience more transparent Web
downloading. Streaming is enabled by default.
FTP: From the FTP drop-down list, specify one of the following actions to be taken when an infected Web
file or object is detected:
• Quarantine file. The Web file or object is removed and placed in the malware quarantine for
further research. In addition, a malware quarantine log entry is created, and depending on the
nature of the malware threat, also a virus log entry or spyware log entry.
• Delete file. This is the default setting. The Web file or object is deleted, and a virus log entry or
spyware log entry is created.
• Log only. Only a virus log entry or spyware log entry is created. The Web file or object is not
deleted.
Scan Exceptions
From the drop-down list, specify one of the following actions to be taken when a Web file or object exceeds the
size that you specify in the file size field:
• Skip. The file is not scanned but skipped, leaving the end user vulnerable. This is the default setting.
• Block. The file is blocked and does not reach the end user.
The default and maximum file sizes are as follows:
• For the STM600 and STM300, the default setting is to block any attachment larger than 10240 KB. The
maximum file size that you can specify is 51200 KB.
• For the STM150, the default setting is to block any attachment larger than 8192 KB. The maximum file size
that you can specify is 25600 KB.
Note: Setting the maximum file size to a high value might affect the STM’s performance. NETGEAR
recommends the default value, which is sufficient to detect the vast majority of threats.
Setup Wizard Step 6 of 11: Email Notification Server Settings
Figure 25.
Enter the settings as explained in the following table, and then click Next to go to the following
screen.
Note: After you have completed the steps in the Setup Wizard, you can
make changes to the administrator email notification settings by
selecting Global Settings > Email Notification Server. For more
information about these settings, see Configuring the Email
Notification Server on page 176.
Table 9. Setup Wizard Step 6: Email Notification Server Settings
Setting: Description (or Subfield and Description)
Email Notification Server Settings
Show as Mail Sender: A descriptive name of the sender for email identification purposes. For example,
enter stm600notification@netgear.com.
Send Notifications to: The email address to which the notifications should be sent. Typically, this is the
email address of a user with administrative privileges.
SMTP Server: The IP address and port number or Internet name and port number of your ISP’s
outgoing email SMTP server. The default port number is 25.
Note: If you leave this field blank, the STM cannot send email notifications.
Mail Server Requires Authentication: If the SMTP server requires authentication, select the
Mail Server Requires Authentication check box and enter the following settings:
• User Name: The user name for SMTP server authentication.
• Password: The password for SMTP server authentication.
Enter the settings as explained in the following table, and then click Next to go to the following
screen.
Note: After you have completed the steps in the Setup Wizard, you can
make changes to the security subscription update settings by
selecting Administration > Software Update. For more information
about these settings, see Updating the Software on page 71.
Setting: Description (or Subfield and Description)
System Information
You cannot configure this section; it is shown for information only. For the software, scan engine, (signature)
pattern file, and operating system (OS), the current version and the date of the last update are displayed.
Click + More to display the versions and most recent downloads for the antispam engine, applications engine,
applications pattern file, stream engine, stream pattern file, mini engine, mini pattern file, policyd, scand, urld,
update client, and rescue software.
Update Settings
Update From: Select one of the following radio buttons:
• Default Update Server. The scan engine and signatures are updated from the
NETGEAR default update server.
• Another Update Server. The scan engine and signatures are updated from a server
that you specify by entering the server IP address or host name in the Server Address
field.
Server Address: The update server IP address or host name.
Update Component: Make one of the following selections from the drop-down list:
• Update Signature Patterns only. Only the (signature) pattern file is updated. The
software, scan engine, and OS are not updated.
• Update all Software and Signature Patterns. The software, scan engine,
(signature) pattern file, and OS are updated. This is the default setting.
Update Frequency
Make one of the following selections:
• Weekly. From the drop-down lists, specify the day, hour, and minutes that the update should occur.
• Daily. From the drop-down lists, specify the hour and minutes that the update should occur.
• Every. From the drop-down list, specify the frequency with which the update should occur.
Enter the settings as explained in the following table, and then click Next to go to the following
screen.
Note: After you have completed the steps in the Setup Wizard, you can
make changes to the security subscription update settings by
selecting Global Settings > HTTP Proxy. For more information
about these settings, see Configuring the HTTP Proxy Settings on
page 60.
Setting: Description (or Subfield and Description)
HTTPS Proxy Settings
Use a Proxy Server to Connect to the Internet: If computers on the network connect to the
Internet via a proxy server, select the Use a Proxy Server to Connect to the Internet
check box to specify and enable a proxy server. Enter the following settings:
• Proxy Server: The IP address and port number of the proxy server.
• User Name: The user name for proxy server authentication.
• Password: The password for proxy server authentication.
Note: After you have completed the steps in the Setup Wizard, you can
make changes to the content filtering settings by selecting Web
Security > HTTP/HTTPS > Content Filtering. The Content Filtering
screen lets you specify additional filtering tasks and notification
settings. For more information about these settings, see Configuring
Web Content Filtering on page 109.
Table 12. Setup Wizard Step 9: Web Categories Settings
Setting: Description (or Subfield and Description)
Select the Web Categories You Wish to Block
Select the Enable Blocking check box to enable blocking of Web categories, which is the default setting.
Select the check boxes of any Web categories that you want to block. Use the action buttons in the following
way:
• Allow All. All Web categories are allowed.
• Block All. All Web categories are blocked.
• Set to Defaults. Blocking and allowing of Web categories are returned to their default settings. See Table 24
on page 85 for information about the Web categories that are blocked by default. Categories that are
preceded by a green rectangle are allowed by default; categories that are preceded by a pink rectangle are
blocked by default.
Wizard screen 11 is just an informational screen to let you know that the system restarts
automatically with the new configuration.
Verifying Correct Installation
Test the STM before deploying it in a live production environment. The following instructions
walk you through a couple of quick tests designed to ensure that your STM is functioning
correctly.
Testing Connectivity
Verify that network traffic can pass through the STM:
• Test an Internet URL (see Testing a URL on page 217).
• Ping the IP address of a device on either side of the STM.
Testing HTTP Scanning
If client computers have direct access to the Internet through your LAN, try to download the
eicar.com test file from http://www.eicar.org/download/eicar.com.
The eicar.com test file is a legitimate DOS program and is safe to use because it is not a
malware threat and does not include any fragments of malware code. The test file is provided
by EICAR, an organization that unites efforts against computer crime, fraud, and misuse of
computers or networks.
Verify that the STM correctly scans HTTP traffic:
1. Log in to the STM Web Management Interface, and then verify that HTTP scanning is
enabled. For information about how to enable HTTP scanning, see Customizing Web
Protocol Scan Settings on page 105.
2. Check the downloaded eicar.com test file, and note the attached malware information file.
To receive threat management component updates and technical support, you need to
register your STM with NETGEAR. The support registration keys are provided with the
product package (see Service Registration Card with License Keys on page 12).
The STM supports a bundle key, which is a single support registration key that provides all
three licenses: Web protection, Email protection, and Support & Maintenance.
Note: Activating the service licenses initiates their terms of use. Activate
the licenses only when you are ready to start using this unit. If your
unit has never been registered before, you can use the 30-day trial
period for all three types of licenses to perform the initial testing and
configuration. To use the trial period, do not click Register in step 5
of the following procedure but click Trial instead.
To activate the service licenses:
1. Ensure that your STM is connected to the Internet.
2. Select Support > Registration from the menu. The Registration screen displays:
Figure 31.
3. In the Registration Key field, enter the license key.
4. Fill out the customer and VAR fields.
5. Click Register.
6. Repeat step 3 and step 5 for additional license keys.
The STM activates the licenses and registers the unit with the NETGEAR registration server.
Note: If you reset the STM to the original factory default settings after you
have entered the license keys to activate the STM (see Registering
the STM with NETGEAR on page 50), the license keys are erased.
The license keys and the different types of licenses that are
available for the STM are no longer displayed on the Registration
screen. However, after you have reconfigured the STM to connect to
the Internet and to the NETGEAR registration server, the STM
retrieves and restores all registration information based on its MAC
address and hardware serial number. You do not need to reenter the
license keys or reactivate the STM.
What to Do Next
You have completed setting up and deploying the STM to the network. The STM is now set
up to scan the protocols and services that you specified for malware threats and to perform
updates based on the configured update source and frequency.
If you need to change the settings, or to view reports or logs, log in to the STM Web
Management Interface, using the default IP address or the IP address that you assigned to
the STM in Setup Wizard Step 1 of 10: Introduction on page 33.
The STM is ready for use. However, the following sections describe some important tasks
that you might want to address before you deploy the STM in your network:
• Changing Administrative Passwords and Timeouts on page 62
• Managing Digital Certificates on page 76
• Configuring Groups on page 148
• Configuring User Accounts on page 152
• Configuring Authentication on page 154
• Setting Scanning Exclusions and Web Access Exceptions on page 130
3. Performing Network and System
Management
This chapter describes the network settings, the system management features, and ways to
improve the performance of the STM. If you have used the Setup Wizard, you have already
configured some of these settings, but there are situations in which you might want to modify
them. This chapter contains the following sections:
• Configuring Network Settings on this page
• Configuring Session Limits and Timeouts on page 56
• Configuring the Network Refresh and Permanent MAC Address Bindings on page 57
• Configuring the HTTP Proxy Settings on page 60
• About Users with Administrative and Guest Privileges on page 61
• Configuring Remote Management Access on page 64
• Using an SNMP Manager on page 65
• Managing the Configuration File on page 67
• Updating the Software on page 71
• Configuring Date and Time Service on page 74
• Managing Digital Certificates on page 76
• Managing the Quarantine Settings on page 81
• Managing the STM’s Performance on page 82
Configuring Network Settings
If you have used the Setup Wizard, you might already have configured the Web
Management Interface and maximum transmission unit (MTU) settings; the Network Settings
screen allows you to modify these settings and to specify the interface speed and duplex
settings.
The STM requires a valid IP address to retrieve online updates and to enable access to its
Web Management Interface. If you have used the Setup Wizard to configure the STM, you
have already specified the management interface name and address settings and the size of
the MTU. In addition to modifying these settings, the Network Settings screen also allows
you to specify the interface speed and duplex settings for the management interface, for the
The following figure shows the Interface Speed & Duplex Settings section of the Network
Settings screen of the STM150:
Figure 34. STM150
2. Complete the fields and make your selections from the drop-down lists as explained in the
following table:
Table 13. Network Settings
Setting: Description (or Subfield and Description)
Management Interface Settings
System Name: The name for the STM for purposes of identification and management. The default
name is the name of your model (STM150, STM300, or STM600).
IP Address: Enter the IP address of the STM through which you will access the Web Management
Interface. The factory default IP address is 192.168.1.201.
Note: If you change the IP address of the STM while being connected through the
browser, you will be disconnected. You then need to open a new connection to the new
IP address and log in again. For example, if you change the default IP address from
192.168.1.201 to 10.0.0.1, you need to enter https://10.0.0.1 in your browser to
reconnect to the Web Management Interface.
Subnet Mask: Enter the IP subnet mask. The subnet mask specifies the network number portion of an
IP address. Unless you are implementing subnetting, use 255.255.255.0 as the subnet
mask.
Gateway Address: Enter the IP address of the gateway through which the STM is accessed.
Primary DNS: Specify the IP address for the primary DNS server.
Secondary DNS: As an option, specify the IP address for the secondary DNS server.
Interface Speed & Duplex Settings
These sections show the MAC address and assigned speed and duplex setting for each active interface.
The Set Speed/Duplex drop-down list allows you to select the speed and duplex setting for each active
interface. To set the speed to 1000baseT duplex (“full”), select auto to let the STM sense the speed
automatically.
Note: MGMT stands for management interface.
Setting: Description (or Subfield and Description)
STM600 (see Figure 32 on page 53)
MGMT, PAIR1 UPLINK, PAIR1 DOWNLINK, PAIR2 UPLINK, PAIR2 DOWNLINK: From the Set Speed/Duplex
drop-down list, make one of the following selections:
• auto. Speed autosensing. This is the default setting.
• 10baseT/Half. Ethernet speed at half duplex.
• 10baseT/Full. Ethernet speed at full duplex.
• 100baseT/Half. Fast Ethernet speed at half duplex.
• 100baseT/Full. Fast Ethernet speed at full duplex.
STM300 (see Figure 33 on page 53)
MGMT, UPLINK, DOWNLINK: From the Set Speed/Duplex drop-down list, make one of the
following selections:
• auto. Speed autosensing. This is the default setting.
• 10baseT/Half. Ethernet speed at half duplex.
• 10baseT/Full. Ethernet speed at full duplex.
• 100baseT/Half. Fast Ethernet speed at half duplex.
• 100baseT/Full. Fast Ethernet speed at full duplex.
STM150 (see Figure 34 on page 54)
LAN1, LAN2, LAN3, LAN4, WAN: From the Set Speed/Duplex drop-down list, make one of the
following selections:
• auto. Speed autosensing. This is the default setting, which can
sense 1000BaseT speed at full duplex.
• 10baseT/Half. Ethernet speed at half duplex.
• 10baseT/Full. Ethernet speed at full duplex.
• 100baseT/Half. Fast Ethernet speed at half duplex.
• 100baseT/Full. Fast Ethernet speed at full duplex.
Note: All LAN interfaces share the same MAC address, speed,
and duplex mode.
Note: The STM150 does not provide a dedicated management
interface.
MTU Settings
Maximum Transmission Unit: The maximum transmission unit (MTU) is the largest physical packet size that a
network can transmit. Packets that are larger than the MTU value are divided into
smaller packets before they are sent, an action that prolongs the transmission process.
For most Ethernet networks the MTU value is 1500 bytes, which is the default setting.
Note: NETGEAR recommends synchronizing the STM’s MTU setting with that of your
network to prevent delays in transmission.
3. Click Apply to save your settings. (If you click Reset, the STM restarts to restore the
default network settings.) Changing the network settings has the following consequences:
• Changing any of the settings in the Management Interface Settings section of the
screen causes the STM to restart.
• Changing any of the settings in the Interface Speed & Duplex Settings section of the
screen causes the network to restart.
• Changing the MTU setting causes services such as HTTP and SMTP to restart.
The Session Limits screen allows you to specify the total number of sessions per user (that
is, per IP address or single source machine) that are allowed on the STM. Session limiting is
disabled by default. When session limiting is enabled, you can specify the maximum number
of sessions per user either as an absolute number or as a percentage of the STM’s total
connection capacity per user, which is 10000 sessions. (You cannot change the total
connection capacity per user.) If a user exceeds the number of allocated sessions, packets
might be dropped.
Note: Some protocols such as FTP and RSTP create two sessions per
connection.
To configure session limits and timeouts:
1. Select Global Settings > Network Settings from the menu. The Network Settings
submenu tabs display with the Network Settings screen in view.
3. Select the radio buttons, make your selections from the drop-down list, and complete the
fields as explained in the following table:
Table 14. Session Limits Settings
Setting. Description (or Subfield and Description)
Session Limits
Do You Want to Enable per-user Session Limits? Select the Yes radio button to enable
session limits, and then fill in the Limit Type and Limit Value fields. The No radio
button is selected by default.
Limit Type. From the Limit Type drop-down list, make one of the following selections:
• Percentage of Maximum Sessions. Session limits are set as a
percentage of the total connection capacity per user.
• Sessions per User. Session limits are set as an absolute number.
Limit Value. Depending on the selection in the Limit Type field, this value is a
percentage or an absolute number.
The Total Number of Packets Dropped field, which you cannot configure, shows the total
number of packets that are dropped because the session limit has been exceeded.
Session Timeouts
If a session goes without data flow longer than the configured values, the session is terminated.
TCP Timeout. The time in seconds after which a TCP session without data flow is terminated. The
default time is 1200 seconds.
UDP Timeout. The time in seconds after which a UDP session without data flow is terminated. The
default time is 180 seconds.
ICMP Timeout. The time in seconds after which an ICMP session without data flow is terminated. The
default time is 8 seconds.
4. Click Apply to save your settings. Changing any settings in the Session Timeouts section of
the screen requires the STM to restart. If you click Reset, the STM restarts to restore the
default network settings.
Configuring the Network Refresh and Permanent MAC Address Bindings
The STM integrates smart virtual MAC address detection to automatically detect virtual MAC
addresses and bind these to an interface. When the network topology changes, a virtual
MAC address might no longer be bound to the original interface. If this situation occurs, the
host to which the virtual MAC address is assigned is no longer able to communicate with
others through the STM. Therefore, the network needs to be refreshed to enable the STM to
redetect the virtual MAC address on the correct interface.
3. Select the check boxes and radio buttons and make your selections from the drop-down list
as explained in the following table:
Table 15. Network Refresh Settings
Setting. Description (or Subfield and Description)
Automatically Refresh the Network
Periodically refresh the MAC address bindings. Select this check box to enable the periodic
refresh of the dynamic MAC address bindings. Specify if the refresh occurs either weekly or daily.
• Weekly. Select the Weekly radio button to enable a weekly refresh of the network,
and then specify when the refresh needs to occur by selecting the day,
hour, and minutes from the drop-down lists.
• Daily. Select the Daily radio button to enable a daily refresh of the network, and
then specify when the refresh needs to occur by selecting the hour and
minutes from the drop-down lists.
Click Apply to schedule the automatic refresh of the network, or click Reset to return to the default settings.
Manually Refresh the Network
Click Refresh to immediately refresh the network.
Note: When you click Refresh, the network restarts.
Note: The Advanced Settings button is described in the following section.
Managing Permanent MAC Address Bindings
You can permanently bind a MAC address to an interface. Such a binding does not change
when the network topology changes and does not need to be redetected by the STM.
To create a permanent MAC binding:
1. Select Global Settings > Network Settings from the menu. The Network Settings
submenu tabs display with the Network Settings screen in view.
2. Click the Network Refresh submenu tab. The Network Refresh screen displays (see the
previous figure, which shows the STM150). Locate the Manually Refresh the Network
section.
3. Click the Advanced Settings button. The screen expands to display the MAC Address
Bindings section.
4. Complete the fields and make your selections from the drop-down lists as explained in the
following table:
Table 16. MAC Address Binding Settings
Setting. Description
MAC Address. Enter the MAC address that you want to bind permanently.
Port (STM150) or Interface (STM300 and STM600). From the drop-down list, select the
interface to which the MAC address needs to be bound.
Type. This field is automatically determined: it displays Permanent or Dynamic.
5. To add the newly configured MAC address binding to the MAC Address Bindings table, click
the Add table button in the Action column.
The MAC Address Bindings table displays both the dynamic bindings that are automatically
detected by the STM and the permanent bindings that you have created.
Changing a Dynamic MAC Address Binding to a Permanent Binding
To change a dynamic binding to a permanent binding:
1. Locate the dynamic MAC address binding that you want to bind permanently, and select an
interface from the Port drop-down list (STM150) or Interface drop-down list (STM300
and STM600).
2. Click the corresponding Add table button in the Action column.
Activating, Editing, or Deleting a Permanent MAC Address Binding
For each permanent binding in the MAC Address Bindings table, the Action column provides
two table buttons:
• Apply. Activates the permanent MAC address binding.
• Delete. Deletes the permanent MAC address binding from the table.
To assign another interface to a permanent MAC address binding:
1. Locate the dynamic MAC address binding that you want to edit, and select another
interface from the Port drop-down list (STM150) or Interface drop-down list (STM300
and STM600).
2. Click Apply to save your changes.
Configuring the HTTP Proxy Settings
If you have used the Setup Wizard, you might have already configured an HTTP proxy; the
HTTP Proxy screen allows you to modify these settings. If the STM is installed behind an
HTTP proxy, you might need to specify the HTTP proxy settings for the STM to connect to the
Internet. The settings on the HTTP Proxy screen affect Web category filtering, distributed
spam analysis, and software updates.
To configure the HTTP proxy:
1. Select Global Settings > HTTP Proxy from the menu. The HTTP Proxy screen
displays:
Figure 37.
2. Select the check box and complete the fields as explained in the following table:
Table 17. HTTP Proxy Settings
Setting. Description (or Subfield and Description)
HTTPS Proxy Settings
Use a Proxy Server to Connect to the Internet. If computers on the network connect to the
Internet via a proxy server, select the Use a Proxy Server to Connect to the Internet
check box to specify and enable a proxy server. Enter the following settings:
• Proxy Server. The IP address and port number of the proxy server.
• User Name. The user name for proxy server authentication.
• Password. The password for proxy server authentication.
3. Click Apply to save your settings.
About Users with Administrative and Guest Privileges
There are two predefined user types that can access the STM’s Web Management Interface:
• Administrator. A user who has full access and the capacity to change the STM
configuration (that is, read/write access). The default user name for an administrator is
admin, and the default password for an administrator is password.
• Guest user. A user who can only view the STM configuration (that is, read-only access).
The default user name for a guest is guest, and the default password for a guest is guest.
NETGEAR recommends that you change these passwords to more secure passwords.
The login window that is presented to the administrator and guest user is the NETGEAR
Configuration Manager Login screen (see Figure 87 on page 155).
Changing Administrative Passwords and Timeouts
In addition to changing the default password for the administrator and guest user, you can
use the Set Password screen to change the account names, and modify the Web
Management Interface timeout setting.
Note: The ideal password should contain no dictionary words from any
language, and should be a mixture of letters (both uppercase and
lowercase), numbers, and symbols. The password can be up to 64
characters.
To modify the administrator and guest accounts, and to modify the Web Management
Interface timeout setting:
1. Select Administration > Set Password from the menu. The Set Password screen
displays:
Figure 38.
2. To modify the administrator or guest settings, select the check box and complete the fields
as explained in the following table:
Table 18. Set Password Settings Screen: Administrator and Guest Settings
Setting. Description (or Subfield and Description)
User Selection
Select one of the following radio buttons:
• Edit Administrator Settings. Allows you to modify the administrator settings, while the guest settings
are masked out.
• Edit Guest Settings. Allows you to modify the guest settings, while the administrator settings are
masked out.
Administrator Settings/Guest Setting
New User Name. The default user name. For the administrator account, the default name is admin;
for the guest account, the default name is guest.
Old Password. The current (factory default) password.
New Password. Enter the new password.
Retype New Password. Confirm the new password.
3. Under the Administrator Settings and Guest Settings sections of the screen, click Apply to
save your settings.
4. If you modified the administrator settings and now want to modify the guest settings, or the
other way around, repeat step 2 and step 3 for the other settings.
5. To modify the Web Management Interface timeout settings, complete the field as explained
in the following table:
Table 19. Set Password Settings Screen: Web Interface Timeout Settings
Setting. Description (or Subfield and Description)
Web Interface Timeout
Session Timeout. Enter the period in seconds after which the Web Management Interface is
automatically logged off if no activity is detected. The default is 600 seconds. You
can configure a session timeout from 30 seconds to 9999 seconds.
6. Under the Web Interface Timeout section of the screen, click Apply to save your settings.
Note: After a factory default reset, the password and timeout values are
changed back to password and 600 seconds (5 minutes),
respectively.
An administrator can configure, upgrade, and check the status of the STM over the Internet
via a Secure Sockets Layer (SSL) VPN connection.
You need to use an SSL VPN connection to access the STM from the Internet: type https://
(not http://) followed by the STM’s WAN IP address into your browser. For example, if the
STM’s WAN IP address is 172.16.0.123, type the following in your browser:
https://172.16.0.123.
The STM’s remote login URL is:
https://<IP_address> or https://<FullyQualifiedDomainName>
Note: The STM is accessible to anyone who knows its IP address and
default password. Because a malicious WAN user can reconfigure
the STM and misuse it in many ways, NETGEAR highly
recommends that you change the admin and guest default
passwords before continuing (see Changing Administrative
Passwords and Timeouts on page 62).
To configure remote management:
1. Select Administration > Remote Management from the menu. The Remote
Management screen displays:
Figure 39.
2. In the Secure HTTPS Management section of the screen, enter the number of the port that you
want to use to access the Web Management Interface of the STM. The default setting is port
443, but you can enter a port ranging from 1024 to 65535. You cannot use some ports such
as 2080 and 8088 that might be used by the STM.
This section of the screen also displays the HTTPS hyperlink through which you can
access the Web Management Interface of the STM. The hyperlink consists of the IP
address or fully qualified domain name (FQDN) for the STM and the port number that you
have assigned.
3. In the Access Control List section of the screen, you can specify IP addresses or IP address
ranges that you want to grant access to the Web Management Interface for increased
security. To specify a range, separate the beginning IP address and the ending IP address
by a hyphen (-). To allow access from all IP addresses and IP address ranges, leave this field
blank.
4. Click Apply to save your changes.
Note: To maintain security, the STM rejects a login that uses http://address
rather than the SSL https://address.
Note: The first time that you remotely connect to the STM with a browser
via an SSL VPN connection, you might get a warning message
regarding the SSL certificate. If you are using a Windows computer
with Internet Explorer 5.5 or later, simply click Yes to accept the
certificate.
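The following added example (not part of the NETGEAR manual or the STM software) audits a planned Access Control List before it is applied: it flags a blank list (which allows every address), malformed or reversed ranges, unusually broad ranges, and administrator workstations that the list would lock out. The function names, the max_span threshold, and the sample addresses are assumptions made for illustration; entries are passed as a Python list because the manual does not state how multiple ACL entries are separated, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample input, not taken from any real deployment.
SAMPLE_ENTRIES = [
    "192.168.1.10",              # single management workstation
    "10.0.0.1-10.0.0.50",        # range written with the hyphen syntax
    "10.0.9.9-10.0.1.1",         # reversed range (start above end)
    "172.16.0.0-172.16.15.255",  # very broad range
]
SAMPLE_ADMIN_HOSTS = ["192.168.1.10", "10.0.0.77"]


def parse_acl_entry(entry):
    """Parse one ACL entry: a single IPv4 address or a 'start-end' range.

    Returns (first, last) as IPv4Address objects; raises ValueError
    for malformed addresses or a start address above the end address.
    """
    text = entry.strip()
    start_s, sep, end_s = text.partition("-")
    first = ipaddress.IPv4Address(start_s.strip())
    last = ipaddress.IPv4Address(end_s.strip()) if sep else first
    if first > last:
        raise ValueError(f"range start {first} is above range end {last}")
    return first, last


def audit_acl(entries, admin_hosts, max_span=256):
    """Review planned ACL entries before applying them.

    max_span is a hypothetical review threshold: ranges covering more
    addresses than this are reported as broad.
    """
    report = {"open_to_all": False, "invalid": [], "broad": [], "locked_out": []}
    listed = [e for e in entries if e.strip()]
    if not listed:
        # A blank field allows access from all IP addresses.
        report["open_to_all"] = True
        return report

    ranges = []
    for entry in listed:
        try:
            first, last = parse_acl_entry(entry)
        except ValueError as exc:
            report["invalid"].append((entry, str(exc)))
            continue
        ranges.append((first, last))
        span = int(last) - int(first) + 1
        if span > max_span:
            report["broad"].append((entry, span))

    # Any administrator address outside every valid range loses access.
    for host in admin_hosts:
        addr = ipaddress.IPv4Address(host)
        if not any(first <= addr <= last for first, last in ranges):
            report["locked_out"].append(host)
    return report


if __name__ == "__main__":
    for key, value in audit_acl(SAMPLE_ENTRIES, SAMPLE_ADMIN_HOSTS).items():
        print(f"{key}: {value}")
```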
Using an SNMP Manager
Simple Network Management Protocol (SNMP) forms part of the Internet Protocol Suite as
defined by the Internet Engineering Task Force (IETF). SNMP is used in network
management systems to monitor network-attached devices for conditions that warrant
administrative attention.
SNMP exposes management data in the form of variables on the managed systems, which
describe the system configuration. These variables can then be queried (and sometimes set)
by managing applications.
SNMP lets you monitor and manage your STM from an SNMP manager. It provides a remote
means to monitor and control network devices, and to manage configurations, statistics
collection, performance, and security. The STM provides support for report aggregation
through SNMP version 1 (SNMPv1) and version 2 (SNMPv2).
Enter the IP addresses of the computers and devices to which you want to grant read-only (GET) or write
(SET) privileges on the STM. Separate IP addresses by a comma. To allow any trusted SNMP host access,
leave the field blank, which is the default setting.
SNMP Traps
Enter the IP addresses of the SNMP management stations that are allowed to receive the STM’s SNMP
traps. Separate IP addresses by a comma. If you leave the field blank, which is the default setting, no
SNMP management station can receive the STM’s SNMP traps.
Contact. The SNMP system contact information that is available to the
SNMP manager. This setting is optional.
Location. The physical location of the STM. This setting is optional.
3. Click Apply to save your settings.
Supported MIB Browsers
After you have configured the SNMP settings, you need to enter the IP address of the STM in
the Management Information Base (MIB) browsers through which you want to query or
configure the STM. See the documentation of your MIB browser for instructions.
NETGEAR recommends the following MIB browsers for receiving the STM SNMP
notifications:
• MG-Soft
• SNMP
• Net-SNMP (Linux Text)
• SNMP Browser for KDE
The STM MIB structure is automatically downloaded by management stations. You should
start receiving notifications after you have enabled SNMP on the STM and added its IP
address into your MIB browsers.
Managing the Configuration File
The configuration settings of the STM are stored in a configuration file on the STM. This file
can be saved (backed up) to a PC, retrieved (restored) from the PC, or cleared to factory
default settings.
Once the STM is installed and works correctly, make a backup of the configuration file to a
computer. If necessary, you can later restore the STM settings from this file.
To display the Backup and Restore Settings screen, select Administration > Backup and
Restore Settings from the menu:
Figure 41.
Backing Up Settings
The backup feature saves all STM settings to a file. These settings include:
• Network settings. IP address, subnet mask, gateway, and so on.
• Scan settings. Services to scan, primary and secondary actions, and so on.
• Update settings. Update source, update frequency, and so on.
• Antispam settings. Whitelist, blacklist, content filtering settings, and so on.
Back up your STM settings periodically, and store the backup file in a safe place.
Tip: You can use a backup file to export all settings to another STM that has
the same language and management software versions. Remember to
change the IP address of the second STM before deploying it to
eliminate IP address conflicts on the network.
1. On the Backup and Restore Settings screen (see the previous figure), next to Save a
copy of current settings, click the Backup button to save a copy of your current settings.
A dialog box displays, showing the file name of the backup file.
Note: The backup file has the following format:
backup_$hostname_$productversion_$yyyymmdd.gpg.
$hostname: The host name of the STM that is configured on the
Network Settings screen, for example, STM600.
$productversion: The software version of the STM, for example,
2.0.0-39.
$yyyymmdd: The time when the backup is performed, for example,
20100617.
Using these examples, the backup file name would be
backup_STM600_2.0.0-39_20100617.gpg.
2. Select Save file, and then click OK.
3. Open the folder where you have saved the backup file, and then verify that it has been
saved successfully.
Note the following:
• If your browser is not configured to save downloaded files automatically, locate the folder
in which you want to save the file, specify the file name, and save the file.
• If you have your browser configured to save downloaded files automatically, the file is
saved to your browser’s download location on the hard disk.
Restoring Settings
WARNING!
Restore only settings that were backed up from the same software
version. Restoring settings from a different software version can
corrupt your backup file or the STM system software.
1. On the Backup and Restore Settings screen (see Figure 41 on page 68), next to
Restore save settings from file, click Browse.
2. Locate and select the previously saved backup file.
3. When you have located the file, click the Restore button. A warning screen might appear,
and you might have to confirm that you want to restore the configuration.
The STM restarts. During the reboot process, the Backup and Restore Settings screen
remains visible. The reboot process is complete after several minutes when the Test LED on
the front panel goes off.
WARNING!
Once you start restoring settings, do not interrupt the process. Do
not try to go online, turn off the STM, shut down the computer, or
do anything else to the STM until the settings have been fully
restored.
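The following added example (not part of the NETGEAR manual or the STM software) applies the backup file name format described under Backing Up Settings to the restore warning above: it parses each name, rejects files whose software version differs from the running version, and picks the newest remaining backup. The function and class names are hypothetical, every sample file name except backup_STM600_2.0.0-39_20100617.gpg is constructed, and the check relies on the file name alone, assuming that files were not renamed and that the version field contains no underscore.

```python
from dataclasses import dataclass
from datetime import date, datetime

PREFIX = "backup_"
SUFFIX = ".gpg"

# First name is the manual's example; the others are constructed samples.
SAMPLE_FILES = [
    "backup_STM600_2.0.0-39_20100617.gpg",
    "backup_STM600_2.0.0-39_20100701.gpg",
    "backup_lab_stm_2.0.0-39_20100630.gpg",  # host name containing '_'
    "backup_STM600_2.1.0-12_20100801.gpg",   # different software version
    "backup_STM600_2.0.0-39_20101340.gpg",   # impossible date
    "settings.gpg",                          # not in the backup format
]


@dataclass(frozen=True)
class BackupName:
    hostname: str
    version: str
    taken: date
    filename: str


def parse_backup_name(filename):
    """Split backup_$hostname_$productversion_$yyyymmdd.gpg into fields."""
    if not (filename.startswith(PREFIX) and filename.endswith(SUFFIX)):
        raise ValueError("name does not match backup_*.gpg")
    core = filename[len(PREFIX):-len(SUFFIX)]
    # Split from the right so that underscores in the host name survive.
    parts = core.rsplit("_", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected hostname, version and date fields")
    hostname, version, stamp = parts
    if len(stamp) != 8 or not stamp.isdigit():
        raise ValueError(f"date field {stamp!r} is not yyyymmdd")
    taken = datetime.strptime(stamp, "%Y%m%d").date()  # rejects month 13 etc.
    return BackupName(hostname, version, taken, filename)


def pick_restore_candidate(filenames, running_version, hostname=None):
    """Return (newest usable backup or None, {rejected name: reason}).

    A backup is usable only if its version field equals running_version
    and, when hostname is given, its host name field matches as well.
    """
    usable, rejected = [], {}
    for name in filenames:
        try:
            info = parse_backup_name(name)
        except ValueError as exc:
            rejected[name] = f"unparseable: {exc}"
            continue
        if info.version != running_version:
            rejected[name] = (
                f"software version {info.version} differs from {running_version}"
            )
        elif hostname is not None and info.hostname != hostname:
            rejected[name] = f"taken on host {info.hostname}, not {hostname}"
        else:
            usable.append(info)
    best = max(usable, key=lambda b: b.taken, default=None)
    return best, rejected


if __name__ == "__main__":
    best, rejected = pick_restore_candidate(SAMPLE_FILES, "2.0.0-39")
    print("restore candidate:", best.filename if best else None)
    for name, reason in rejected.items():
        print(f"skipped {name}: {reason}")
```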
Reverting to Factory Default Settings
To reset the STM to the original factory default settings, click the Default button next to
Revert to factory default settings on the Backup and Restore Settings screen (see Figure 41
on page 68).
The STM restarts. The Backup and Restore Settings screen remains visible during the reboot
process. The reboot process is complete after several minutes when the Test LED (STM150)
or Status LED (STM300 and STM600) on the front panel goes off.
WARNING!
When you restore the factory default settings, the STM settings
are erased. All content settings and scan settings are lost. Back
up your settings if you intend on using them.
Note: After rebooting with factory default settings, the STM administrator
account password is password, the guest account password is
guest, and the LAN IP address is 192.168.1.201.
Note: For the STM150 only, there is an alternate way to return the settings
to factory defaults: Using a sharp object, press and hold the Reset
button on the rear panel of the STM150 (see Rear Panel STM150 on
page 20) for about 10 seconds until the front panel Test LED flashes
and the STM150 returns to factory default settings.
Updating the Software
If you have used the Setup Wizard, you might have already configured the software update
settings; the Software Update screen allows you to modify these settings.
The STM has four main software components:
• The application software that includes the network protocols, security services, Web
Management Interface, and other components.
• A scan engine that enables the STM to scan emails, attachments, Web files, and
applications, and that functions in conjunction with the pattern file.
• A pattern file that contains the virus signature files and virus database.
• An operating system (OS) that includes the kernel modules and hardware drivers.
The STM provides two methods for updating components:
• Scheduled, automatic update
• Manual update
Because new virus threats can appear any hour of the day, it is very important to keep both
the pattern file and scan engine firmware as current as possible. The STM can automatically
check for updates, as often as every 15 minutes, to ensure that your network protection is
current.
Scheduling Updates
Enabling scheduled updates ensures that the STM automatically downloads the latest
components from the NETGEAR update server.
1. Select Administration > Software Update from the menu. The Software Update screen
displays:
Figure 42.
2. Select the radio buttons, complete the field, and make your selections from the drop-down
lists as explained in the following table:
Table 21. Software Update Settings
Setting. Description (or Subfield and Description)
System Information
You cannot configure this section; it is shown for information only. For the software, scan engine, (signature)
pattern file, and operating system (OS), the current version and the date of the last update are displayed.
Click + More to display the versions and most recent downloads for the antispam engine, applications
engine, applications pattern file, stream engine, stream pattern file, mini engine, mini pattern file, policyd,
scand, urld, update client, and rescue software.
Update Settings
Update From. Select one of the following radio buttons:
• Default Update Server. The scan engine and signatures are updated from the
NETGEAR default update server.
• Another Update Server. The scan engine and signatures are updated from a
server that you specify by entering the server IP address or host name in the
Server Address field.
Server Address. The update server IP address or host name.
Update Component. Make one of the following selections from the drop-down list:
• Update Signature Patterns only. Only the (signature) pattern file is updated. The
software, scan engine, and OS are not updated.
• Update all Software and Signature Patterns. The software, scan engine,
(signature) pattern file, and OS are updated. This is the default setting.
Update Frequency
Make one of the following selections:
• Weekly. From the drop-down lists, specify the day, hour, and minutes that the update should occur.
• Daily. From the drop-down lists, specify the hour and minutes that the update should occur.
• Every. From the drop-down list, specify the frequency with which the update should occur.
3. Click Apply to save your settings.
Performing a Manual Update
If you want to immediately check for and download available updates, perform a manual
update:
1. Select Administration > Software Update from the menu. The Software Update screen
displays (see the previous figure).
2. At the bottom of the screen, click Update Now. The STM contacts the update server and
checks for available updates. If updates are available, the Update Progress screen displays
to show the progress of the update:
Figure 43.
3. After the update has finished, click Apply to activate the newly updated software.
Critical Updates That Require a Restart
If a downloaded update requires a restart, you are prompted to perform the update when you
log in to the STM. The following figure shows an example of a Critical Update screen, which
provides information about the update and allows you to install it immediately or at a later
time. To install the update immediately, click Install Now. To install the update at a later time,
click Later.
Figure 44.
Configuring Date and Time Service
If you have used the Setup Wizard, you might have already configured the system date and
time settings; the System Date and Time screen allows you to modify these settings.
Configure date, time, and NTP server designations on the System Date and Time screen.
Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times
in a network of computers. Setting the correct system time and time zone ensures that the
date and time recorded in the STM logs and reports are accurate. Changing the time zone
requires the STM to restart to apply the updated settings.
1. Select Administration > System Date and Time from the menu. The System Date and
Time screen displays:
Figure 45.
The top of the screen displays the current weekday, date, time, time zone, and year (in
the example in the previous figure: Current Time: 2009-08-02 00:19:30).
2. Select the radio buttons, complete the fields, and make your selections from the drop-down
list as explained in the following table:
Table 22. System Date and Time Settings
Setting. Description (or Subfield and Description)
System Date and Time
From the drop-down list, select an NTP server, or select to enter the time manually.
Use Default NTP Servers. The STM regularly updates its real-time clock (RTC), which it uses
for scheduling, by contacting a default NETGEAR NTP server on the Internet. This is the
default setting.
Use Custom NTP Servers. The STM regularly updates its RTC by contacting one of the two NTP
servers (primary and backup), both of which you need to specify in the fields that become
available when you select this option.
Note: If you select this option but leave either the Server 1 or Server 2 field blank,
both fields are automatically set to the default NETGEAR NTP servers.
Note: A list of public NTP servers is available at
http://support.ntp.org/bin/view/Servers/WebHome.
• Server 1 Name / IP Address. Enter the IP address or host name of the primary NTP server.
• Server 2 Name / IP Address. Enter the IP address or host name of the secondary NTP server.
Manually Enter the Date and Time.
• Date. Enter the date in the yyyy-mm-dd (year-month-date) format.
• Time. Enter the time in the hh-mm-ss (hour-minutes-seconds) format.
Time Zone
From the drop-down list, select the local time zone in which the STM operates. The correct time zone is
required in order for scheduling to work correctly. You do not need to configure daylight savings time, which
is applied automatically when applicable. GMT (Greenwich Mean Time) is the default setting.
Note: When you select a time zone that is not associated with a location such as (GMT -08:00) GMT-8,
daylight savings time is automatically disabled. When you select a time zone that is associated with a
location such as (GMT -08:00) Pacific Time (US & Canada), daylight savings time is automatically enabled.
3. Click Apply to save your settings. Changing the time zone requires the STM to restart.
Note: If you select the default NTP servers or if you enter a custom server
FQDN, the STM determines the IP address of the NTP server by
performing a DNS lookup. You need to configure a DNS server
address on the Network Settings screen (see Configuring Network
Settings on page 52) before the STM can perform this lookup.
Managing Digital Certificates
The STM uses digital certificates (also known as X509 certificates) for secure Web access
connections over HTTPS (that is, SSL VPN connections).
Digital certificates can be either self-signed or can be issued by Certification Authorities
(CAs) such as an internal Windows server or an external organization such as Verisign or
Thawte. On the STM, the uploaded digital certificate is checked for validity and purpose. The
digital certificate is accepted when it passes the validity test and the purpose matches its use.
The STM uses digital certificates to authenticate connecting HTTPS servers, and to allow
HTTPS clients to be authenticated by remote entities. A digital certificate that authenticates a
server, for example, is a file that contains the following elements:
• A public encryption key to be used by clients for encrypting messages to the server.
• Information identifying the operator of the server.
• A digital signature confirming the identity of the operator of the server. Ideally, the
signature is from a trusted third party whose identity can be verified.
When a security alert is generated, the user can decide whether or not to trust the host.
Figure 46.
You can obtain a digital certificate from a well-known commercial Certificate Authority (CA)
such as Verisign or Thawte. Because a commercial CA takes steps to verify the identity of an
applicant, a digital certificate from a commercial CA provides a strong assurance of the
server’s identity.
The STM contains a self-signed digital certificate from NETGEAR. This certificate can be
downloaded from the STM login screen or from the Certificate Management screen for
browser import. However, NETGEAR recommends that you replace this digital certificate
with a digital certificate from a well-known commercial CA prior to deploying the STM in your
network.
The STM’s Certificate Management screen lets you view the currently loaded digital
certificate for HTTPS scans, upload a new digital certificate, manage the trusted CA
authorities list, and manage the untrusted certificates list.
To display the Certificate Management screen, select Web Security > Certificate
Management from the menu. Because of the size of this screen, and because of the way the
information is presented, the Certificate Management screen is divided and presented in this
manual in three figures (the following figure, Figure 48 on page 79, and Figure 49 on
page 80).
To manage the STM’s active certificate that is used for HTTPS scans, select Web Security >
Certificate Management from the menu. The Certificate Management screen displays. The
following figure shows only the Certificate Used for HTTPS Scans section of the screen:
Figure 47. Certificate Management, screen 1 of 3
The top part of the Certificate Used for HTTPS Scans section displays information about the
current certificate that is used for HTTPS scans.
Note: For information about the HTTPS scanning process, see HTTPS Scan
Settings on page 119.
To download the current certificate into your browser:
1. Click Download for browser import.
2. Follow the instructions of your browser to save the RootCA.crt file on your computer.
To reload the default NETGEAR certificate:
1. Select the Use NETGEAR default certificate radio button.
2. Click Apply to save your settings.
1. Select the Use imported certificate (PKCS12 format) radio button.
2. Click Browse next to the Import from File field.
3. Navigate to a trusted certificate file on your computer. Follow the instructions of your browser
to place the certificate file in the Import from File field.
4. If required, enter the appropriate password in the Certificate password field.
5. Click the Upload button.
Note: If the certificate file is not in the pkcs12 format, the upload fails.
Importing a new certificate overwrites any previously imported
certificates.
6. Click Apply to save your settings.
Managing Trusted Certificates
To manage trusted certificates:
Select Web Security > Certificate Management from the menu. The Certificate
Management screen displays. The following figure shows only the Trusted Certificate
Authorities section of the screen:
Figure 48. Certificate Management, screen 2 of 3
The Trusted Certificate Authorities table contains the trusted certificates from third-party
websites that are signed by the Certificate Authorities.
To view details of a trusted certificate:
1. From the Trusted Certificate Authorities table, select the certificate.
2. Click View Details. A new screen opens that displays the details of the certificate.
To delete a trusted certificate:
1. From the Trusted Certificate Authorities table, select the certificate.
2. Click Delete Selected.
To import a trusted certificate:
1. Click Browse next to the Import from File field.
2. Navigate to a trusted certificate file on your computer. Follow the instructions of your
browser to place the certificate file in the Import from File field.
3. Click the Upload button. The newly imported trusted certificate is added to the Trusted
Certificate Authorities table.
Managing Untrusted Certificates
To manage untrusted certificates:
Select Web Security > Certificate Management from the menu. The Certificate
Management screen displays. The following figure shows only the Untrusted Certificates
section of the screen:
Figure 49. Certificate Management, screen 3 of 3
When the STM detects an untrusted or invalid certificate, it automatically places the
certificate in the Untrusted Certificates table.
To view details of an untrusted certificate:
1. From the Untrusted Certificates table, select the certificate.
2. Click View Details. A new screen opens that displays the details of the certificate.
To delete an untrusted certificate:
1. From the Untrusted Certificates table, select the certificate.
2. Click Delete Selected.
To move an untrusted certificate to the Trusted Certificate Authorities table:
1. From the Untrusted Certificates table, select the certificate.
2. Click Add to Trusted List. The previously untrusted certificate is added to the Trusted
Certificate Authorities table.
Managing the Quarantine Settings
You can specify how much memory the STM reserves for quarantined items, and how long
these items remain in memory. In general, the default settings work well for most situations.
To change the quarantine settings:
1. Select Global Settings > Quarantine from the menu. The Quarantine screen displays:
Figure 50.
2. Select the radio buttons, complete the field, and make your selections from the drop-down
lists as explained in the following table:
Table 23. Quarantine Settings
Setting | Description (or Subfield and Description)
Malware Quarantine Area Size | Specify the maximum amount of memory in MB that is allocated to
malware quarantine. This limit is cumulative for all users.
For the STM600, the default setting is 200 MB, and the maximum setting is
512 MB.
For the STM150 and STM300, the default setting is 100 MB, and the
maximum setting is 512 MB.
Note: After the limit has been exceeded, old items are automatically
purged from the malware quarantine to make space for new items.
Spam Quarantine Area Size | Specify the maximum amount of memory in MB that is allocated to spam
quarantine. This limit is cumulative for all users.
For the STM600, the default setting is 1024 MB, and the maximum setting
is 2048 MB.
For the STM150 and STM300, the default setting is 512 MB, and the
maximum setting is 1024 MB.
Note: After the limit has been exceeded, old items are automatically
purged from the malware quarantine to make space for new items.
Quarantine Lifetime | Specify how long items remain in quarantine before being automatically
purged. The default setting is 15 days. The maximum setting is 30 days.
3. Click Apply to save your settings.
Note: For information about how to view and manage the quarantine files,
see Viewing and Managing the Quarantine Files on page 208.
Managing the STM’s Performance
Performance management consists of controlling the traffic through the STM so that the
necessary traffic gets through when there is a bottleneck and either reducing unnecessary
traffic or rescheduling some traffic to low-peak times to prevent bottlenecks from occurring in
the first place.
If you want to reduce traffic by preventing unwanted emails from reaching their destinations
or by preventing access to certain sites on the Internet, you can use the STM’s content
filtering feature. By default, this feature is disabled; all requested traffic from any website is
allowed with the exception of Web content categories that are mentioned in Default Email
and Web Scan Settings on page 85.
You can adjust the following features of the STM in such a way that the traffic load on the
WAN side decreases.
• Email content filtering. To reduce incoming email traffic, you can block emails with large
attachments, reject emails based on keywords, file extensions, or file names, and set
spam protection rules. There are several ways you can reduce unwanted email traffic:
  - Setting the size of email files to be scanned. Scanning large email files requires
    network resources and might slow down traffic. You can specify the maximum file or
    message size that is scanned, and whether files that exceed the maximum size are
    skipped (which might compromise security) or blocked. For more information, see
    Exception Settings on page 90.
  - Keyword, file extension, and file name blocking. You can reject emails based on
    keywords in the subject line, file type of the attachment, and file name of the
    attachment. For more information, see Email Content Filtering on page 94.
  - Protecting against spam. Set up spam protection to prevent spam from using up
    valuable bandwidth. For more information, see Protecting Against Email Spam on
    page 97.
• Web content filtering. The STM provides extensive methods to filter Web content in
order to reduce traffic:
  - Web category blocking. You can block entire Web categories because their content
    is unwanted, offensive, or not relevant, or simply to reduce traffic. For more
    information, see Configuring Web Content Filtering on page 109.
  - File extension blocking. You can block files based on their extension. Such files can
    include executable files, audio and video files, and compressed files. For more
    information, see Configuring Web Content Filtering on page 109.
  - URL blocking. You can specify URLs that are blocked by the STM. For more
    information, see Configuring Web URL Filtering on page 116.
  - Web services blocking. You can block Web applications such as instant messaging,
    media, peer-to-peer, and tools. For more information, see Configuring Application
    Control on page 127.
  - Web object blocking. You can block the following Web component types: embedded
    objects (ActiveX, Java, Flash), proxies, and cookies; and you can disable Java
    scripts. For more information, see Configuring Web Content Filtering on page 109.
  - Setting the size of Web files to be scanned. Scanning large Web files requires
    network resources and might slow down traffic. You can specify the maximum file size
    that is scanned, and whether files that exceed the maximum size are skipped (which
    might compromise security) or blocked. For more information, see Configuring Web
    Malware Scans on page 107.
For these features (with the exception of Web object blocking and setting the size of files
to be scanned), you can set schedules to specify when Web content is filtered (see
Configuring Web Content Filtering on page 109) and configure scanning exclusions and
access exceptions (see Setting Scanning Exclusions and Web Access Exceptions on
page 130). You can use the STM’s monitoring functions to assist you with performance
management (see Monitoring Real-Time Traffic, Security, Statistics, and Web Usage on
page 184).
4. Content Filtering and Optimizing Scans
This chapter describes how to apply the content filtering features of the STM and how to
optimize scans to protect your network. This chapter contains the following sections:
• About Content Filtering and Scans on this page
• Configuring Email Protection on page 87
• Configuring Web and Services Protection on page 105
• Configuring Application Control on page 127
• Setting Scanning Exclusions and Web Access Exceptions on page 130
About Content Filtering and Scans
The STM provides very extensive Web content and email content filtering options, Web
browsing activity reporting, email antivirus and antispam options, and instant alerts via email.
You can establish restricted Web access policies that are based on the time of day, Web
addresses, and Web address keywords. You can also block Internet access by applications
and services, such as instant messaging and peer-to-peer file sharing clients.
Note: For information about how to monitor blocked content and malware
threats in real time, see Monitoring Real-Time Traffic, Security,
Statistics, and Web Usage on page 184. For information about how
to view blocked content and malware threats in the logs, see
Querying Logs on page 194. For information about how to view
quarantined content, see Viewing and Managing the Quarantine
Files on page 208.
Chapter 4. Content Filtering and Optimizing Scans |84
For most network environments, the default scan settings and actions that are shown in the
following table work well, but you can adjust these to meet the needs of your specific
environment.
Table 24. Default Email and Web Scan Settings
Scan Type | Default Scan Setting | Default Action (if applicable)
Email Server Protocols
SMTP | Enabled | Block infected email
POP3 | Enabled | Delete attachment if infected
IMAP | Enabled | Delete attachment if infected
Web Server Protocols
HTTP | Enabled | Delete file if malware threat detected
HTTPS | Disabled | No action (scan disabled)
FTP | Enabled | Delete file if malware threat detected
Instant Messaging Services
Google Talk | Allowed
ICQ | Allowed
mIRC | Allowed
MSN Messenger | Allowed
QQ | Allowed
Yahoo Messenger | Allowed
Media Applications
iTunes (music store, update) | Allowed
Quicktime (update) | Allowed
Real Player (guide) | Allowed
a
Rhapsody (guide, music store) | Allowed
Winamp (Internet radio/TV) | Allowed
Peer-to-Peer (P2P) Services
BitTorrent | Allowed
eDonkey | Allowed
Gnutella | Allowed
Commerce | Allowed
Drugs and Violence | Blocked
Education | Allowed with the exception of School Cheating
Gaming | Blocked
Inactive Sites | Allowed
Internet Communication and Search | Allowed with the exception of Anonymizers
Leisure and News | Allowed
Malicious | Blocked
Politics and Religion | Allowed
Sexual Content | Blocked
Technology | Allowed
Uncategorized | Allowed
a. For the STM300 and STM600, files and messages that are larger than 10240 KB are skipped by default.
For the STM150, files and messages that are larger than 8192 KB are skipped by default.
The STM lets you configure the following settings to protect the network’s email
communication:
• The email protocols that are scanned for malware threats
• Actions that are taken when infected emails are detected
• The maximum file sizes that are scanned
• Keywords, file types, and file names in emails that are filtered to block objectionable or
high-risk content
• Customer notifications and email alerts that are sent when events are detected
• Rules and policies for spam detection
Customizing Email Protocol Scan Settings
If you have used the Setup Wizard, you might have already configured the email policies; the
(email) Policy screen allows you to modify these settings.
To configure the email protocols and ports to scan:
1. Select Email Security > Policy from the menu. The (email) Policy screen displays:
Figure 51.
2. Select the check boxes and complete the fields as explained in the following table:
Table 25. Email Policy Settings
Setting | Description
Services to Scan
SMTP | Select the SMTP check box to enable Simple Mail Transfer Protocol (SMTP) scanning. This
service is enabled by default and uses default port 25.
POP3 | Select the POP3 check box to enable Post Office Protocol 3 (POP3). This service is enabled
by default and uses default port 110.
IMAP | Select the IMAP check box to enable Internet Message Access Protocol (IMAP). This
service is enabled by default and uses default port 143.
Note: If a protocol uses a port other than the standard service port (for
example, port 25 for SMTP), enter this nonstandard port in the Ports
to Scan field. For example, if the SMTP service on your network
uses both port 25 and port 2525, enter both port numbers in the
Ports to Scan field and separate them by a comma.
Note: The following protocols are not supported by the STM: SMTP over
SSL using port number 465, POP3 over SSL using port number 995,
and IMAP over SSL using port number 993.
3. Click Apply to save your settings.
Customizing Email Anti-Virus Settings
If you have used the Setup Wizard, you might have already configured the email antivirus
action and exception settings; the Action and Exception screens allow you to modify these
settings. The Notification screen allows you to specify the email antivirus notification settings.
Whether or not the STM detects an email virus, you can configure it to take a variety of
actions (some of the default actions are listed in Table 24 on page 85), set exceptions for file
sizes, and specify which notifications, emails, or both need to be sent to the end users.
To configure the email antivirus action settings:
1. Select Email Security > Anti-Virus from the menu. The Anti-Virus submenu tabs
display with the Action screen in view:
Figure 52.
2. Make your selections from the drop-down lists as explained in the following table:
Table 26. Email Anti-Virus Action Settings
Setting | Description
Action
SMTP | From the SMTP drop-down list, specify one of the following actions to be taken when an
infected email is detected:
• Quarantine attachment. The email is not blocked, but the attachment is removed and
placed in the malware quarantine for further research. In addition, a malware quarantine
log entry is created, and depending on the nature of the malware threat, also a virus log
entry or a spyware log entry.
• Delete attachment. The email is not blocked, but the attachment is deleted, and a virus
log entry or a spyware log entry is created.
• Block infected email. This is the default setting. The email is blocked, and a virus log
entry or a spyware log entry is created.
• Quarantine infected email. The email is placed in the malware quarantine for further
research. In addition, a malware quarantine log entry is created, and depending on the
nature of the malware threat, also a virus log entry or a spyware log entry.
• Log only. Only a virus log entry or a spyware log entry is created. The email is not
blocked and the attachment is not deleted.
POP3 | From the POP3 drop-down list, specify one of the following actions to be taken when an
infected email is detected:
• Quarantine attachment. The email is not blocked, but the attachment is removed and
placed in the malware quarantine for further research. In addition, a malware quarantine
log entry is created, and depending on the nature of the malware threat, also a virus log
entry or a spyware log entry.
• Delete attachment. This is the default setting. The email is not blocked, but the
attachment is deleted, and a virus log entry or a spyware log entry is created.
• Log only. Only a virus log entry or a spyware log entry is created. The email is not
blocked and the attachment is not deleted.
IMAP | From the IMAP drop-down list, specify one of the following actions to be taken when an
infected email is detected:
• Quarantine attachment. The email is not blocked, but the attachment is removed and
placed in the malware quarantine for further research. In addition, a malware quarantine
log entry is created, and depending on the nature of the malware threat, also a virus log
entry or a spyware log entry.
• Delete attachment. This is the default setting. The email is not blocked, but the
attachment is deleted, and a virus log entry or a spyware log entry is created.
• Log only. Only a virus log entry or a spyware log entry is created. The email is not
blocked and the attachment is not deleted.
3. Click Apply to save your settings.
Exception Settings
To configure the email antivirus exception settings:
1. Select Email Security > Anti-Virus from the menu. The Anti-Virus submenu tabs
display with the Action screen in view.
2. Click the Exceptions submenu tab. The Exceptions screen displays:
Figure 53.
3. Make your selection from the drop-down list and complete the field as explained in the
following table:
Table 27. Email Anti-Virus Exception Settings
Setting | Description
Scan Exceptions
From the drop-down list, specify one of the following actions to be taken when an email attachment exceeds
the size that you specify in the file size field:
• Skip. The file is not scanned but skipped, leaving the end user vulnerable. This is the default setting.
• Block. The file is blocked and does not reach the end user.
The default and maximum file sizes are:
• For the STM600 and STM300, the default setting is to block any attachment larger than 10240 KB. The
maximum file size that you can specify is 51200 KB.
• For the STM150, the default setting is to block any attachment larger than 8192 KB. The maximum file
size that you can specify is 25600 KB.
Note: Setting the maximum file size to a high value might affect the STM’s
performance. NETGEAR recommends the default value, which is
sufficient to detect the vast majority of threats.
4. Click Apply to save your settings.
3. Complete the fields, select the check boxes, and make your selections from the drop-down
lists as explained in the following table:
Table 28. Email Anti-Virus Notification Settings
Setting | Description
Notification Settings
Insert Warning into Email Subject (SMTP) | For SMTP email messages, select this check box to insert a warning into the email
subject line:
• Malware Found. If a malware threat is found, a [MALWARE INFECTED]
message is inserted. You can change this default message.
• No Malware Found. If no malware threat is found, a [MALWARE FREE]
message is inserted. You can change this default message.
By default, this check box is cleared and no warnings are inserted.
Append Safe Stamp (SMTP and POP3) | For SMTP and POP3 email messages, select this check box to insert a default
safe stamp message at the end of an email. The safe stamp insertion serves as a
security confirmation to the end user. You can change the default message. By
default, this check box is cleared and no safe stamp is inserted.
Append Warning if Attachment Exceeds Scan Size Limit (SMTP and POP3) | For SMTP and POP3 email messages, select this check box to append a default
warning message to an email if the message or an attachment to the message
exceeds the scan size limit. The warning message informs the end user that the
attachment was skipped and might not be safe to open. You can change the
default message. By default, this check box is selected and a warning message is
appended to the email.
Replace Infected Attachments with the Following Warning Message | Select this check box to replace an email that is infected with a default warning
message. The warning message informs the end user about the name of the
malware threat. You can change the default message to include the action that the
STM has taken (see the following example). By default, this check box is selected,
and a warning message replaces an infected email.
The following is a sample message where the %VIRUSINFO% metaword is
replaced with the EICAR test virus:
Note: Make sure that you keep the %VIRUSINFO% metaword in a message to
enable the STM to insert the correct malware threat information.
Email Alert Settings
Note: Ensure that the email notification server (see Configuring the Email Notification Server on page 176)
is configured before you specify the email alert settings.
Send alert to | In addition to inserting a warning message to replace an infected email, you can
configure the STM to send a notification email to the sender, the recipient, or both
by selecting the corresponding check box or check boxes. By default, both check
boxes are cleared and no notification email is sent.
Subject | The default subject line for the notification email is “Malware detected!” You can
change this subject line.
Message | The warning message informs the sender, the recipient, or both about the name of
the malware threat. You can change the default message to include more
information.
Make sure that you keep the %VIRUSINFO% metaword in a message to enable
the STM to insert the correct malware threat information. In addition to the
%VIRUSINFO% metaword, you can insert the following metawords in your
customized message: %TIME%, %PROTOCOL%, %FROM%, %TO%,
%SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME%.
4. Click Apply to save your settings.
Email Content Filtering
The STM provides several options to filter unwanted content from emails. You can filter
content from emails based on keywords in the subject line, file type of the attachment, and file
name of the attachment. You can also set an action to perform on emails with
password-protected attachments.
Several types of email blocking are available:
• Keyword blocking. You can specify words that, should they appear in the email subject
line, cause that email to be blocked by the STM.
• Password-protected attachments. You can block emails based on password-protected
attachments such as .zip or .rar attachments.
• File extension blocking. You can block emails based on the extensions of attached files.
Such files can include executable files, audio and video files, and compressed files.
• File name blocking. You can block emails based on the names of attached files. Such
names can include, for example, names of known malware threats such as the Netsky
worm (which normally arrives as netsky.exe).
Setting | Description (or Subfield and Description)
Filter by File Type
File Extension | By default, the File Extension field lists the most common file extensions that are detected.
You can manually add or delete extensions. Use commas to separate different extensions.
You can enter a maximum of 40 file extensions; the maximum total length of this field,
excluding the delimiter commas, is 160 characters.
You can also use the drop-down list to add predefined file extensions from a specific
category to the File Extension field:
• None. No file extensions are added to the File Extension field. This is the default setting.
• Executables. Executable file extensions (exe, com, dll, so, lib, scr, bat, and cmd) are
added to the File Extension field.
• Audio/Video. Audio and video file extensions (wav, mp3, avi, rm, rmvb, wma, wmv, mpg,
mp4, and aac) are added to the File Extension field.
• Compressed Files. Compressed file extensions (zip, rar, gz, tar, and bz2) are added to the
File Extension field.
Action (SMTP, POP3, IMAP) | From the drop-down list, specify an action when an email attachment with a file
extension that is defined in the File Extension field is detected. The drop-down list
selections and defaults are the same as the ones for the Filter by
Password-Protected Attachments (ZIP, RAR, etc.) section earlier in this table.
Filter by File Name
File Name | Enter the file names that are detected. For example, to block the Netsky worm (which
normally arrives as netsky.exe), enter netsky.exe. You can enter a maximum of 20 file
names. Use commas to separate multiple file names. The maximum total length of this field
is 400 characters, excluding the delimiter commas.
Action (SMTP, POP3, IMAP) | From the drop-down list, specify an action when an email attachment with a name
that is defined in the File Name field is detected. The drop-down list selections
and defaults are the same as the ones for the Filter by Password-Protected
Attachments (ZIP, RAR, etc.) section earlier in this table.
3. Click Apply to save your settings.
Protecting Against Email Spam
The STM integrates multiple antispam technologies to provide comprehensive protection
against unwanted email. You can enable all or a combination of these antispam technologies.
The STM implements these spam prevention technologies in the following order:
1. Whitelist. Emails from the specified sources or to the specified recipients are not
considered spam and are accepted.
2. Blacklist. Emails from the specified sources are considered spam and are blocked.
3. Real-time blacklist. Emails from known spam sources that are collected by blacklist
providers are blocked.
4. Distributed spam analysis. Emails that are detected as spam by the NETGEAR Spam
Classification Center are either tagged, blocked, or quarantined.
This order of implementation ensures the optimum balance between spam prevention and
system performance. For example, if an email originates from a whitelisted source, the STM
delivers the email immediately to its destination inbox without implementing the other spam
prevention technologies, thereby speeding up mail delivery and conserving the STM system
resources. However, regardless of whether or not an email is whitelisted, it is still scanned by
the STM’s antimalware engines.
You can configure these antispam options in conjunction with content filtering to optimize
blocking of unwanted mails.
Note: Emails that are sent through the STM over an authenticated
connection between a client and an SMTP mail server are not
checked for spam.
Note: An email that has been checked for spam by the STM contains an
“X-STM-SMTP” (for SMTP emails) or “X-STM-POP3” (for POP3
emails) tag in its header.
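The following added example (not part of the manual or the STM firmware) uses the tag described in the note above to list stored messages that were never spam-checked, for instance mail sent over an authenticated SMTP connection. The exact header layout is an assumption: the sketch matches the tag text in any header field name or value, and the sample messages and function names are constructed.

```python
from email import message_from_string

# Tag text documented in the manual, mapped to the protocol it indicates.
STM_TAGS = {"X-STM-SMTP": "SMTP", "X-STM-POP3": "POP3"}


def stm_spam_check(raw_message):
    """Return 'SMTP' or 'POP3' if a header carries the STM tag, else None.

    Only header fields are inspected, so tag text quoted in the body
    (for example in a forwarded message) does not count as a check.
    """
    msg = message_from_string(raw_message)
    for name, value in msg.items():
        field = f"{name}: {value}".upper()
        for tag, protocol in STM_TAGS.items():
            if tag in field:
                return protocol
    return None


def unchecked(messages):
    """Return the ids of messages that carry no STM spam-check tag."""
    return [mid for mid, raw in messages.items() if stm_spam_check(raw) is None]


# Constructed sample mailbox; the header values are placeholders.
SAMPLE_MAILBOX = {
    "msg-1": (
        "From: alice@example.com\n"
        "To: bob@example.org\n"
        "Subject: Quarterly report\n"
        "X-STM-SMTP: checked\n"
        "\n"
        "Report attached.\n"
    ),
    "msg-2": (
        "From: carol@example.com\n"
        "To: bob@example.org\n"
        "Subject: Sent over an authenticated session\n"
        "\n"
        "No STM tag in the header of this one.\n"
    ),
    "msg-3": (
        "From: dave@example.com\n"
        "To: bob@example.org\n"
        "Subject: Fwd: headers\n"
        "\n"
        "X-STM-POP3: this text is in the body, not the header\n"
    ),
    "msg-4": (
        "From: erin@example.com\n"
        "To: bob@example.org\n"
        "x-stm-pop3: checked\n"
        "Subject: Retrieved over POP3\n"
        "\n"
        "Hello.\n"
    ),
}

if __name__ == "__main__":
    for mid, raw in SAMPLE_MAILBOX.items():
        print(mid, stm_spam_check(raw))
    print("not spam-checked:", unchecked(SAMPLE_MAILBOX))
```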
Setting Up the Whitelist and Blacklist
You can specify emails that are accepted or blocked based on the originating IP address,
domain, and email address by setting up the whitelist and blacklist. You can also specify
emails that are accepted based on the destination domain and email address.
The whitelist ensures that email from listed (that is, trusted) sources and recipients is not
mistakenly tagged as spam. Emails going to and from these sources and recipients are
delivered to their destinations immediately, without being scanned by the antispam engines.
This can help to speed up the system and network performance. The blacklist, on the other
hand, lists sources from which all email messages are blocked. You can enter up to 200
entries per list, separated by commas.
Note: The whitelist takes precedence over the blacklist, which means that
if an email source is on both the blacklist and the whitelist, the email
is not scanned by the antispam engines.
2. Complete the fields as explained in the following table:
Table 30. Whitelist/Blacklist Settings
Setting | Description
Sender IP Address (SMTP)
Whitelist | Enter the source IP addresses from which emails can be trusted.
Blacklist | Enter the source IP addresses from which emails are blocked.
Click Apply to save your settings, or click Reset to clear all entries from these fields.
Sender Domain (SMTP and POP3)
Whitelist | Enter the sender email domains from which emails can be trusted.
Blacklist | Enter the sender email domains from which emails are blocked.
Click Apply to save your settings, or click Reset to clear all entries from these fields.
Sender Email Address (SMTP and POP3)
Whitelist | Enter the email addresses from which emails can be trusted.
Blacklist | Enter the email addresses from which emails are blocked.
Click Apply to save your settings, or click Reset to clear all entries from these fields.
Recipients Domain (SMTP and POP3)
Whitelist | Enter the email domains of the recipients to which emails can be safely delivered.
Click Apply to save your settings, or click Reset to clear all entries from this field.
Recipients Email Address (SMTP and POP3)
Whitelist | Enter the email addresses of the recipients to which emails can be safely delivered.
Click Apply to save your settings, or click Reset to clear all entries from this field.
Note: In the fields of the Whitelist/Blacklist screen, use commas to
separate multiple entries. For IP addresses, use a hyphen to
indicate a range (for example, 192.168.32.2-192.168.32.8).
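Because the whitelist is evaluated before the blacklist and takes precedence over it, a blacklisted address that also falls inside a whitelist range is never blocked. The following added example (not NETGEAR code) parses the Sender IP Address field format from the note above and reports such overlaps before the lists are entered; the function names, decision labels, and sample addresses are constructed, and the decision function is only a model of the documented order.

```python
import ipaddress

MAX_ENTRIES = 200  # the manual allows up to 200 entries per list


def parse_ip_list(field):
    """Parse a Sender IP Address field into (low, high) address pairs.

    Commas separate entries; a hyphen marks an inclusive range.
    Raises ValueError on a malformed address, a reversed range,
    or more entries than the documented limit.
    """
    entries = [e.strip() for e in field.split(",") if e.strip()]
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{len(entries)} entries; the limit is {MAX_ENTRIES} per list")
    ranges = []
    for entry in entries:
        first, sep, last = entry.partition("-")
        low = ipaddress.IPv4Address(first.strip())
        high = ipaddress.IPv4Address(last.strip()) if sep else low
        if high < low:
            raise ValueError(f"range {entry!r} ends before it starts")
        ranges.append((low, high))
    return ranges


def contains(ranges, ip):
    """True if ip falls inside any (low, high) pair."""
    addr = ipaddress.IPv4Address(ip)
    return any(low <= addr <= high for low, high in ranges)


def overlaps(whitelist, blacklist):
    """Return (white, black) range pairs that share at least one address.

    Every address in such an overlap is accepted, not blocked, because
    the whitelist is checked first.
    """
    return [
        (w, b)
        for w in whitelist
        for b in blacklist
        if w[0] <= b[1] and b[0] <= w[1]
    ]


def antispam_decision(ip, whitelist, blacklist):
    """Model of the documented order for the two local lists.

    'accept'   : whitelisted; antispam engines are skipped (the manual
                 states the email is still scanned for malware).
    'block'    : blacklisted and not whitelisted.
    'continue' : passed on to the real-time blacklist and distributed
                 spam analysis stages.
    """
    if contains(whitelist, ip):
        return "accept"
    if contains(blacklist, ip):
        return "block"
    return "continue"


# Constructed sample lists in the field format the manual describes.
SAMPLE_WHITELIST = "192.168.32.2-192.168.32.8, 10.0.0.5"
SAMPLE_BLACKLIST = "192.168.32.6, 203.0.113.0-203.0.113.255"

if __name__ == "__main__":
    wl = parse_ip_list(SAMPLE_WHITELIST)
    bl = parse_ip_list(SAMPLE_BLACKLIST)
    for ip in ("192.168.32.6", "203.0.113.9", "198.51.100.1"):
        print(ip, antispam_decision(ip, wl, bl))
    for white, black in overlaps(wl, bl):
        print(f"blacklist entry {black[0]}-{black[1]} is overridden by "
              f"whitelist entry {white[0]}-{white[1]}")
```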
Configuring the Real-Time Blacklist
Blacklist providers are organizations that collect IP addresses of verified open SMTP relays
that might be used by spammers as media for sending spam. These known spam relays are
compiled by blacklist providers and are made available to the public in the form of real-time
blacklists (RBLs). By accessing these RBLs, the STM can block spam originating from known
spam sources.