Managing Digital Certificates. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance
ProSecure Web/Email Security Threat Management (STM) Appliance
Table 22. System Date and Time Settings (Continued)

| Setting | Subfield | Description |
|---|---|---|
| Use Custom NTP Servers | | The STM regularly updates its RTC by contacting one of the two NTP servers (primary and backup), both of which you need to specify in the fields that become available when you select this option. Note: If you select this option but leave either the Server 1 or Server 2 field blank, both fields are automatically set to the default NETGEAR NTP servers. Note: A list of public NTP servers is available at http://support.ntp.org/bin/view/Servers/WebHome. |
| | Server 1 Name / IP Address | Enter the IP address or host name of the primary NTP server. |
| | Server 2 Name / IP Address | Enter the IP address or host name of the secondary NTP server. |
| Manually Enter the Date and Time | Date | Enter the date in the yyyy-mm-dd (year-month-date) format. |
| | Time | Enter the time in the hh-mm-ss (hour-minutes-seconds) format. |
| Time Zone | | From the drop-down list, select the local time zone in which the STM operates. The correct time zone is required in order for scheduling to work correctly. You do not need to configure daylight savings time, which is applied automatically when applicable. GMT (Greenwich Mean Time) is the default setting. Note: When you select a time zone that is not associated with a location such as (GMT -08:00) GMT-8, daylight savings time is automatically disabled. When you select a time zone that is associated with a location such as (GMT -08:00) Pacific Time (US & Canada), daylight savings time is automatically enabled. |
3. Click Apply to save your settings. Changing the time zone requires the STM to restart.
Note: If you select the default NTP servers or if you enter a custom server FQDN, the STM determines the IP address of the NTP server by performing a DNS lookup. You need to configure a DNS server address on the Network Settings screen (see on page 52) before the STM can perform this lookup.
Managing Digital Certificates
The STM uses digital certificates (also known as X509 certificates) for secure Web access connections over HTTPS (that is, SSL VPN connections).
Digital certificates can be either self-signed or issued by Certification Authorities (CAs) such as an internal Windows server or an external organization such as Verisign or Thawte. On the STM, the uploaded digital certificate is checked for validity and purpose. The digital certificate is accepted when it passes the validity test and the purpose matches its use.
76 | Chapter 3. Performing Network and System Management
The STM uses digital certificates to authenticate connecting HTTPS servers, and to allow HTTPS clients to be authenticated by remote entities. A digital certificate that authenticates a server, for example, is a file that contains the following elements:
- A public encryption key to be used by clients for encrypting messages to the server.
- Information identifying the operator of the server.
- A digital signature confirming the identity of the operator of the server. Ideally, the signature is from a trusted third party whose identity can be verified.
When a security alert is generated, the user can decide whether or not to trust the host.
Figure 46.
You can obtain a digital certificate from a well-known commercial Certificate Authority (CA) such as Verisign or Thawte. Because a commercial CA takes steps to verify the identity of an applicant, a digital certificate from a commercial CA provides a strong assurance of the server’s identity.
The STM contains a self-signed digital certificate from NETGEAR. This certificate can be downloaded from the STM login screen or from the Certificate Management screen for browser import. However, NETGEAR recommends that you replace this digital certificate with a digital certificate from a well-known commercial CA prior to deploying the STM in your network.
The STM’s Certificate Management screen lets you view the currently loaded digital certificate for HTTPS scans, upload a new digital certificate, manage the trusted CA authorities list, and manage the untrusted certificates list.
To display the Certificate Management screen, select Web Security > Certificate Management from the menu. Because of the size of this screen, and because of the way the information is presented, the Certificate Management screen is divided and presented in this manual in three figures (the following figure,
Managing the Certificate for HTTPS Scans
To manage the STM’s active certificate that is used for HTTPS scans, select Web Security > Certificate Management from the menu. The Certificate Management screen displays. The following figure shows only the Certificate Used for HTTPS Scans section of the screen:
Figure 47. Certificate Management, screen 1 of 3
The top part of the Certificate Used for HTTPS Scans section displays information about the current certificate that is used for HTTPS scans.
Note: For information about the HTTPS scanning process,
To download the current certificate into your browser:
1. Click Download for browser import.
2. Follow the instructions of your browser to save the RootCA.crt file on your computer.
To reload the default NETGEAR certificate:
1. Select the Use NETGEAR default certificate radio button.
2. Click Apply to save your settings.
To import a new certificate:
1. Select the Use imported certificate (PKCS12 format) radio button.
2. Click Browse next to the Import from File field.
3. Navigate to a trusted certificate file on your computer. Follow the instructions of your browser to place the certificate file in the Import from File field.
4. If required, enter the appropriate password in the Certificate password field.
5. Click the Upload button.
   Note: If the certificate file is not in the pkcs12 format, the upload fails. Importing a new certificate overwrites any previously imported certificates.
6. Click Apply to save your settings.
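A pre-upload check for the PKCS12 file, as an added example that is not part of the NETGEAR manual: it uses the standard `openssl` command line to confirm that the file parses as PKCS#12, that the private key matches the certificate, and that the certificate is not close to expiry. The function name `check_p12`, the `P12_PASS` environment variable and the 30-day window are assumptions; the STM's own validity and purpose checks are not specified on this page.

```shell
#!/bin/sh
# Added example: pre-upload sanity check for a PKCS#12 bundle.
# Hypothetical helper; the password is read from the P12_PASS environment
# variable so that it never appears in the process list.

# check_p12 FILE [MIN_DAYS]
#   0  bundle parses, key matches certificate, not expiring within MIN_DAYS
#   2  not a PKCS#12 file, or wrong password
#   3  no certificate found, or private key does not match it
#   4  certificate expires within MIN_DAYS (default 30)
check_p12() {
    p12=$1
    min_days=${2:-30}

    # Extract the end-entity certificate; this fails on PEM or DER input.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS \
               -nokeys -clcerts 2>/dev/null) || return 2

    # Compare the public key in the certificate with the one derived from
    # the private key. The key is piped between processes, never written
    # to disk.
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS \
                  -nocerts -nodes 2>/dev/null | openssl pkey -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3

    # -checkend exits non-zero if notAfter falls inside the window (seconds).
    printf '%s\n' "$cert" |
        openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null || return 4

    # Print what a reviewer should confirm by eye before uploading.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -enddate
    printf '%s\n' "$cert" | openssl x509 -noout -purpose | grep ': Yes' || true
    return 0
}

# Stand-alone use: P12_PASS=... sh check_p12.sh bundle.p12 [MIN_DAYS]
if [ "$#" -gt 0 ]; then
    check_p12 "$@"
fi
```

A non-zero return identifies which check failed, so the file can be corrected before it overwrites the certificate currently imported on the STM.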
Managing Trusted Certificates
To manage trusted certificates:
Select Web Security > Certificate Management from the menu. The Certificate Management screen displays. The following figure shows only the Trusted Certificate Authorities section of the screen:
Figure 48. Certificate Management, screen 2 of 3
The Trusted Certificate Authorities table contains the trusted certificates from third-party websites that are signed by the Certificate Authorities.
To view details of a trusted certificate:
1. From the Trusted Certificate Authorities table, select the certificate.
2. Click View Details. A new screen opens that displays the details of the certificate.
To delete a trusted certificate:
1. From the Trusted Certificate Authorities table, select the certificate.
2. Click Delete Selected.
To import a trusted certificate:
1. Click Browse next to the Import from File field.
2. Navigate to a trusted certificate file on your computer. Follow the instructions of your browser to place the certificate file in the Import from File field.
3. Click the Upload button. The newly imported trusted certificate is added to the Trusted Certificate Authorities table.
Managing Untrusted Certificates
To manage untrusted certificates:
Select Web Security > Certificate Management from the menu. The Certificate Management screen displays. The following figure shows only the Untrusted Certificates section of the screen:
Figure 49. Certificate Management, screen 3 of 3
When the STM detects an untrusted or invalid certificate, it automatically places the certificate in the Untrusted Certificates table.
To view details of an untrusted certificate:
1. From the Untrusted Certificates table, select the certificate.
2. Click View Details. A new screen opens that displays the details of the certificate.