Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 1
... network with traffic separation This document describes the steps to undertake in VLAN1 Wired LAN 192.168.1.x/24 Version 2.0 The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or...
... network with traffic separation This document describes the steps to undertake in VLAN1 Wired LAN 192.168.1.x/24 Version 2.0 The solution will allow separating the Wireless traffic and Wired traffic of each of the VLANs configured, from any other VLAN which will exist on the Wired or...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 3
... IP 192.168.1.239 Management VLAN: 1 Membership: all ports Untagged in VLAN1 Version 2.0 Network Setup Physical setup Layer 2/Layer 3 switch Port 0/1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (default...
... IP 192.168.1.239 Management VLAN: 1 Membership: all ports Untagged in VLAN1 Version 2.0 Network Setup Physical setup Layer 2/Layer 3 switch Port 0/1 connected to UTM10 Port 2 Wireless AP LAN port connected to UTM10 Port 1 UTM10 WAN port connected to the Internet Logical setup UTM 10 Configuration LAN IP 192.168.1.1 VLAN1 (default...
Application Note: Deploy a ProSecure UTM in a Multi SSID Multi VLAN network
Page 6
...20.1 in VLAN 20 and 192.168.30.1 in both the source and destination VLAN: Managing devices UTM The unit will be performed by connecting a Wireless client to each of the SSID alternatively (i.e. Corporate, Guest, Engineering) and trying to access the Internet or ping the IP address assigned to the SSID.... WNDAP330 The unit will be managed, upon being configured, from a device (wired or wireless) connected to a port in VLAN1 ,as this is the management VLAN for the Access Point (IP 192.168.1.235) Layer2/Layer3 switch The unit ...
...20.1 in VLAN 20 and 192.168.30.1 in both the source and destination VLAN: Managing devices UTM The unit will be performed by connecting a Wireless client to each of the SSID alternatively (i.e. Corporate, Guest, Engineering) and trying to access the Internet or ping the IP address assigned to the SSID.... WNDAP330 The unit will be managed, upon being configured, from a device (wired or wireless) connected to a port in VLAN1 ,as this is the management VLAN for the Access Point (IP 192.168.1.235) Layer2/Layer3 switch The unit ...
UTM9S User Manual
Page 2
... (see Chapter 7, Virtual Private Networking Using IPSec Connections) 2 Other brand and product names are registered trademarks of NETGEAR, Inc. Wireless module (see Configure the PPTP Server (UTM9S Only)) - PPTP server (see Chapter 1, Introduction and Appendix B, Wireless Module for more information about the ProSecure forum and to the products described in any form or by...
... (see Chapter 7, Virtual Private Networking Using IPSec Connections) 2 Other brand and product names are registered trademarks of NETGEAR, Inc. Wireless module (see Configure the PPTP Server (UTM9S Only)) - PPTP server (see Chapter 1, Introduction and Appendix B, Wireless Module for more information about the ProSecure forum and to the products described in any form or by...
UTM9S User Manual
Page 4
...Threat Management (UTM) Appliance? . . 13 Key Features and Capabilities 14 Multiple WAN Port Models for Increased Reliability or Outbound Load Balancing 15 Wireless Features 15 DSL Features 15 Advanced VPN Support for Both IPSec and SSL 16 A Powerful, True Firewall 16 Stream Scanning for Content Filtering 16... UTM10 22 Front Panel UTM25 23 Front Panel UTM50 24 Front Panel UTM150 24 Front Panel UTM9S and Modules 25 LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 . . . . 27 LED Descriptions, UTM9S and Modules 28 Rear Panel UTM5, UTM10, and UTM25 30 Rear Panel UTM50 and UTM150...
...Threat Management (UTM) Appliance? . . 13 Key Features and Capabilities 14 Multiple WAN Port Models for Increased Reliability or Outbound Load Balancing 15 Wireless Features 15 DSL Features 15 Advanced VPN Support for Both IPSec and SSL 16 A Powerful, True Firewall 16 Stream Scanning for Content Filtering 16... UTM10 22 Front Panel UTM25 23 Front Panel UTM50 24 Front Panel UTM150 24 Front Panel UTM9S and Modules 25 LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 . . . . 27 LED Descriptions, UTM9S and Modules 28 Rear Panel UTM5, UTM10, and UTM25 30 Rear Panel UTM50 and UTM150...
UTM9S User Manual
Page 10
...Time 499 Use Online Support 499 Enable Remote Troubleshooting 499 Send Suspicious Files to NETGEAR for Analysis 500 Access the Knowledge Base and Documentation 501 Appendix A xDSL Module for the UTM9S xDSL Module Configuration Tasks 502 Configure the xDSL Settings 503 Automatically Detecting and Connecting...Addresses 521 Configure Dynamic DNS 523 Configure Advanced WAN Options 526 Additional WAN-Related Configuration Tasks 528 Appendix B Wireless Module for the UTM9S Overview of the Wireless Module 529 Configuration Order 530 Wireless Equipment Placement and Range Guidelines 530 10
...Time 499 Use Online Support 499 Enable Remote Troubleshooting 499 Send Suspicious Files to NETGEAR for Analysis 500 Access the Knowledge Base and Documentation 501 Appendix A xDSL Module for the UTM9S xDSL Module Configuration Tasks 502 Configure the xDSL Settings 503 Automatically Detecting and Connecting...Addresses 521 Configure Dynamic DNS 523 Configure Advanced WAN Options 526 Additional WAN-Related Configuration Tasks 528 Appendix B Wireless Module for the UTM9S Overview of the Wireless Module 529 Configuration Order 530 Wireless Equipment Placement and Range Guidelines 530 10
UTM9S User Manual
Page 11
...Radio Settings 549 Configure Advanced Profile and WMM QoS Priority Settings 551 Advanced Profile Settings 551 WMM QoS Priority Settings 553 Test Basic Wireless Connectivity 554 Appendix C Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) What to Consider Before You Begin ...the ReadyNAS 573 Connect to the ReadyNAS on the UTM9S 575 Appendix E Two-Factor Authentication Why Do I Need Two-Factor Authentication 578 What Are the Benefits of Two-Factor Authentication 578 What Is Two-Factor Authentication 579 NETGEAR Two-Factor Authentication Solutions 579 Appendix F System ...
...Radio Settings 549 Configure Advanced Profile and WMM QoS Priority Settings 551 Advanced Profile Settings 551 WMM QoS Priority Settings 553 Test Basic Wireless Connectivity 554 Appendix C Network Planning for Dual WAN Ports (Multiple WAN Port Models Only) What to Consider Before You Begin ...the ReadyNAS 573 Connect to the ReadyNAS on the UTM9S 575 Appendix E Two-Factor Authentication Why Do I Need Two-Factor Authentication 578 What Are the Benefits of Two-Factor Authentication 578 What Is Two-Factor Authentication 579 NETGEAR Two-Factor Authentication Solutions 579 Appendix F System ...
UTM9S User Manual
Page 12
... Logs 598 Appendix G Default Settings and Technical Specifications Default Settings 599 Physical and Technical Specifications 601 Appendix H Notification of Compliance (Wired) Appendix I Notification of Compliance (Wireless) Index 12
... Logs 598 Appendix G Default Settings and Technical Specifications Default Settings 599 Physical and Technical Specifications 601 Appendix H Notification of Compliance (Wired) Appendix I Notification of Compliance (Wireless) Index 12
UTM9S User Manual
Page 13
... traffic, or to the Internet through one or two external broadband access devices such as cable modems, DSL modems, satellite dishes, or wireless ISP radio antennas, or a combination of service (DoS) attacks, unwanted traffic, traffic with objectionable content, spam, phishing, and web-... Scanning technology to protect your local area network (LAN) to maintain a backup connection in this manual, visit the NETGEAR support website at http://support.netgear.com. As a complete security solution, the UTM combines a powerful, flexible firewall with License Keys • Package Contents • ...
... traffic, or to the Internet through one or two external broadband access devices such as cable modems, DSL modems, satellite dishes, or wireless ISP radio antennas, or a combination of service (DoS) attacks, unwanted traffic, traffic with objectionable content, spam, phishing, and web-... Scanning technology to protect your local area network (LAN) to maintain a backup connection in this manual, visit the NETGEAR support website at http://support.netgear.com. As a complete security solution, the UTM combines a powerful, flexible firewall with License Keys • Package Contents • ...
UTM9S User Manual
Page 14
.../1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between local network resources. • Wireless module (UTM9S only) for either 2.4-GHz or 5-GHz wireless modes. • xDLS module (UTM9S only) for firmware upgrade. • Internal universal switching power supply. The use of spyware, viruses.... • Advanced IPSec VPN and SSL VPN support. • Depending on the model, bundled with a one-user license of the NETGEAR ProSafe VPN Client software (VPN01L). • Advanced Stateful Packet Inspection (SPI) firewall with multi-NAT support. • Patent-pending Stream...
.../1000 Mbps Gigabit Ethernet LAN switch for extremely fast data transfer between local network resources. • Wireless module (UTM9S only) for either 2.4-GHz or 5-GHz wireless modes. • xDLS module (UTM9S only) for firmware upgrade. • Internal universal switching power supply. The use of spyware, viruses.... • Advanced IPSec VPN and SSL VPN support. • Depending on the model, bundled with a one-user license of the NETGEAR ProSafe VPN Client software (VPN01L). • Advanced Stateful Packet Inspection (SPI) firewall with multi-NAT support. • Patent-pending Stream...
UTM9S User Manual
Page 15
...ensure that you to connect a second broadband Internet line that can be configured on the UTM9S with a UTM9SWLSN wireless module installed. The SSID is inoperable, ensuring that only trusted wireless stations can connect. • Secure and economical operation. Adjustable power output allows more access ...and ADLS2+ • VDSL and VDSL2 Annex A, Annex B, and Annex M are supported on the UTM9S with a UTM9SDSL xDSL module installed. Either 2.4-GHz band support with 802.11b/g/n/ wireless modes or 5-GHz band support with two broadband WAN ports. A UTM with dual WAN ports balances users...
...ensure that you to connect a second broadband Internet line that can be configured on the UTM9S with a UTM9SWLSN wireless module installed. The SSID is inoperable, ensuring that only trusted wireless stations can connect. • Secure and economical operation. Adjustable power output allows more access ...and ADLS2+ • VDSL and VDSL2 Annex A, Annex B, and Annex M are supported on the UTM9S with a UTM9SDSL xDSL module installed. Either 2.4-GHz band support with 802.11b/g/n/ wireless modes or 5-GHz band support with two broadband WAN ports. A UTM with dual WAN ports balances users...
UTM9S User Manual
Page 20
... models (continued) Feature WAN ports (Gigabit RJ-45) DMZ interfaces (configurable) USB ports Console ports (RS232) Flash memory RAM Modules xDSL module with RJ11 port Wireless module Deployment VLAN support Dual WAN auto-rollover mode Dual WAN load balancing mode Single WAN mode UTM5 1 1 1 1 2 GB 512 MB No No Yes No... No Yes UTM9S 2 1 1 1 2 GB 512 MB Yes Yes Yes Yes Yes Yes UTM10 1 1 1 1 2 GB 512 MB No No Yes No No Yes UTM25 2 1 1 1 2 GB 1 GB No No Yes...
... models (continued) Feature WAN ports (Gigabit RJ-45) DMZ interfaces (configurable) USB ports Console ports (RS232) Flash memory RAM Modules xDSL module with RJ11 port Wireless module Deployment VLAN support Dual WAN auto-rollover mode Dual WAN load balancing mode Single WAN mode UTM5 1 1 1 1 2 GB 512 MB No No Yes No... No Yes UTM9S 2 1 1 1 2 GB 512 MB Yes Yes Yes Yes Yes Yes UTM10 1 1 1 1 2 GB 512 MB No No Yes No No Yes UTM25 2 1 1 1 2 GB 1 GB No No Yes...
UTM9S User Manual
Page 26
... 6. Figure 7. The antennas are explained in one of the UTM9S slots: • UTM9SDSLA. The xDLS module provides one RJ-11 port for insertion in Table 3 on page 28. UTM9SDSL xDSL module UTM9SWLSN Wireless Module The wireless module (UTM9SWLSN) can be inserted in Table 3 on page 28.... Front panel UTM9S UTM9SDSL xDSL Module The following xDSL modules are explained in one of the UTM9S slots. The two LEDs are available for connection to...
... 6. Figure 7. The antennas are explained in one of the UTM9S slots: • UTM9SDSLA. The xDLS module provides one RJ-11 port for insertion in Table 3 on page 28. UTM9SDSL xDSL module UTM9SWLSN Wireless Module The wireless module (UTM9SWLSN) can be inserted in Table 3 on page 28.... Front panel UTM9S UTM9SDSL xDSL Module The following xDSL modules are explained in one of the UTM9S slots. The two LEDs are available for connection to...
UTM9S User Manual
Page 27
Table 2. The UTM is not supplied to the UTM. Introduction 27 On (amber) during Test mode. UTM9SWLSN wireless module LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 The following table describes the function of each LED. Off Power is initializing. After approximately 2 minutes, ...
Table 2. The UTM is not supplied to the UTM. Introduction 27 On (amber) during Test mode. UTM9SWLSN wireless module LED Descriptions, UTM5, UTM10, UTM25, UTM50, and UTM150 The following table describes the function of each LED. Off Power is initializing. After approximately 2 minutes, ...
UTM9S User Manual
Page 29
... provides an Internet connection. Right LED Off The WAN port is operating at 10 Mbps. Wireless module Module Off Status LED On (green) The module is currently not operable on the UTM9S. On (amber) The LAN port is operating at 100 Mbps. On (green) The ...Blinking (amber) The UTM is not enabled or has no link to defaults). ProSecure Unified Threat Management (UTM) Appliance Table 3. LED descriptions UTM9S (continued) LED Activity Description Test LED On (amber) during The initialization has failed, or a hardware failure has occurred. After approximately 2 minutes...
... provides an Internet connection. Right LED Off The WAN port is operating at 10 Mbps. Wireless module Module Off Status LED On (green) The module is currently not operable on the UTM9S. On (amber) The LAN port is operating at 100 Mbps. On (green) The ...Blinking (amber) The UTM is not enabled or has no link to defaults). ProSecure Unified Threat Management (UTM) Appliance Table 3. LED descriptions UTM9S (continued) LED Activity Description Test LED On (amber) during The initialization has failed, or a hardware failure has occurred. After approximately 2 minutes...
UTM9S User Manual
Page 30
...reset button receptacle Viewed from left to factory default settings. Console port. The pinouts are lost, and the default password is wireless activity in 2.4-GHz operating mode. Using a sharp object, press and hold this button for connecting to the telephone line. Introduction... 30 There is 9600 K. LED descriptions UTM9S (continued) LED Activity Wireless Link LED Off On (green) Blinking (green) On (yellow) Blinking (yellow) xDSL module Module Off Status LED On (green...
...reset button receptacle Viewed from left to factory default settings. Console port. The pinouts are lost, and the default password is wireless activity in 2.4-GHz operating mode. Using a sharp object, press and hold this button for connecting to the telephone line. Introduction... 30 There is 9600 K. LED descriptions UTM9S (continued) LED Activity Wireless Link LED Off On (green) Blinking (green) On (yellow) Blinking (yellow) xDSL module Module Off Status LED On (green...
UTM9S User Manual
Page 35
... units. • Water or moisture cannot enter the case of the case is as free of electrical noise. Note: For the UTM9S, see Appendix G, Default Settings and Technical Specifications. ProSecure Unified Threat Management (UTM) Appliance The following when deciding where to be connected...; The air is not restricted. For information about the recommended operating temperatures for the UTM9S: Figure 17. Consider the following figure shows the product label for the UTM, see also Wireless Equipment Placement and Range Guidelines on its runner feet) or mounted into a standard 19...
... units. • Water or moisture cannot enter the case of the case is as free of electrical noise. Note: For the UTM9S, see Appendix G, Default Settings and Technical Specifications. ProSecure Unified Threat Management (UTM) Appliance The following when deciding where to be connected...; The air is not restricted. For information about the recommended operating temperatures for the UTM9S: Figure 17. Consider the following figure shows the product label for the UTM, see also Wireless Equipment Placement and Range Guidelines on its runner feet) or mounted into a standard 19...
UTM9S User Manual
Page 66
Note: On the UTM9S, the Email Notification configuration menu is described in Your Network. Manually Configuring Internet and WAN Settings 3 This chapter contains the following sections: • Internet and ..., and to Provision the UTM in Chapter 2, Using the Setup Wizard to configure secondary WAN addresses and advanced WAN options. Note: The Wireless Settings configuration menu is shown on the UTM9S only, accessible under the Monitoring main navigation menu instead of the UTM is accessible under the Network Config main navigation menu. 3.
Note: On the UTM9S, the Email Notification configuration menu is described in Your Network. Manually Configuring Internet and WAN Settings 3 This chapter contains the following sections: • Internet and ..., and to Provision the UTM in Chapter 2, Using the Setup Wizard to configure secondary WAN addresses and advanced WAN options. Note: The Wireless Settings configuration menu is shown on the UTM9S only, accessible under the Monitoring main navigation menu instead of the UTM is accessible under the Network Config main navigation menu. 3.
UTM9S User Manual
Page 70
... for the WAN interface that you are prompted either to check the physical connection between your UTM and the cable, DSL line, satellite dish, or wireless ISP radio antenna to the WAN screen by your ISP. • If the autodetect process does not find a connection, you just configured to Manually Configure...
... for the WAN interface that you are prompted either to check the physical connection between your UTM and the cable, DSL line, satellite dish, or wireless ISP radio antenna to the WAN screen by your ISP. • If the autodetect process does not find a connection, you just configured to Manually Configure...
UTM9S User Manual
Page 93
...4 This chapter describes how to the appropriate port. 93 Endpoints can generally be defined as a broadcast domain. Note: On the UTM9S, the Email Notification configuration menu is shown on the Default VLAN • Manage Groups and Hosts (LAN Groups) • Configure ... LANs and DHCP Options • Configure Multihome LAN IPs on the UTM9S only, accessible under the Monitoring main navigation menu instead of your UTM. Hubs, bridges, or switches in Your Network. 4. Note: The Wireless Settings configuration menu is accessible under the Network Config main navigation menu....
...4 This chapter describes how to the appropriate port. 93 Endpoints can generally be defined as a broadcast domain. Note: On the UTM9S, the Email Notification configuration menu is shown on the Default VLAN • Manage Groups and Hosts (LAN Groups) • Configure ... LANs and DHCP Options • Configure Multihome LAN IPs on the UTM9S only, accessible under the Monitoring main navigation menu instead of your UTM. Hubs, bridges, or switches in Your Network. 4. Note: The Wireless Settings configuration menu is accessible under the Network Config main navigation menu....