- Computers & electronics
- Networking
- Netgear
- STM600 - ProSecure Web And Email Threat Management Appliance
- Reference manual
Configuring Groups. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance
Add to My manuals261 Pages
advertisement
ProSecure Web/Email Security Threat Management (STM) Appliance
The STM supports both unauthenticated and authenticated users:
•
Unauthenticated users. Anonymous users who do not log in to the STM and to which
the STM’s default email and Web access policies apply.
•
Authenticated users. Users who have a computer behind the STM, who log in to the
STM with a user name and password, and who are assigned an access policy that normally differs from the STM’s default email and Web access policies. Different users or user groups can have different access policies, so there can be multiple access policies on the STM.
In addition to being authenticated as individual users, users can be authenticated on the
STM according to group membership or IP address:
-
Group membership. A group is defined in the STM’s local database, an LDAP
database, or a RADIUS database. If you use a RADIUS database for authentication, a group can also be defined in a VLAN.
-
IP address. A group is defined by its IP address and subnet.
Note:
For detailed information about authentication, see
The login window that is presented to this type of users is the User Portal Login screen
on page 156), which requires three items: a user name, a password, and a
domain selection. The domain determines the authentication method that needs to be used—LDAP, Active Directory, RADIUS, or the STM’s local database.
Configuring Groups
The use of groups simplifies the application of exception policies that allow different sets of users to have different Internet access restrictions. Rather than applying the same exception to each user, it is easier to apply a single exception to the entire group. For information about
Setting Access Exception Rules for Web Access
Note:
For information about custom groups that allow you to set access exceptions for a combination of local groups and local users, groups and users that are defined by their IP address, LDAP groups and users, and RADIUS groups and users, see
Creating Custom Groups for Web Access Exceptions
148 | Chapter 5. Managing Users, Groups, and Authentication
ProSecure Web/Email Security Threat Management (STM) Appliance
You can define groups either by name or by IP address and subnet:
•
Groups defined by name. These are local groups on the STM to which you can add
users from the STM’s local user database. Local groups are automatically assigned to the
STM’s prosecuredomain default domain.
Note:
For information about groups that are defined by VLANs, see
Creating and Deleting VLANs for Use with RADIUS Domains
•
Groups defined by IP address and subnet. These are groups that can be on your local
network or on a remote device.
Note:
If you use groups on a remote device, you need to configure your network’s firewall to allow access to the IP address and subnet mask that have been assigned to the remote group.
Creating and Deleting Groups by Name
To create a local group by name:
1.
Select User Management > Groups from the menu. The Groups screen displays. (The following figure contains one example.)
Figure 82.
The List of Groups table displays the local groups with the following fields:
•
Name. The name of the group, which is the defining characteristic of the group.
•
Brief Description. An optional brief description of the group.
•
Action. The Edit table button, which provides access to the Edit Group screen, and
the Delete table button, which allows you to delete the group.
Chapter 5. Managing Users, Groups, and Authentication | 149
ProSecure Web/Email Security Threat Management (STM) Appliance
2.
In the Add New Group section of the screen, complete the fields as explained in the following table:
Table 43. Group Settings
Setting
Name
Description
A descriptive (alphanumeric) name of the group for identification and management purposes.
Description A brief description of the group for identification and management purposes. This description is optional.
3.
Click the Add table button. The new group is added to the List of Groups table.
To delete a group from the List of Groups table, click the Delete table button in the Action column for the group that you want to delete.
Note:
When you delete a group, an exception rule that is associated with this group no longer has any effect. You can delete such an exception rule.
Editing Groups by Name
To edit a local group that you created by name:
1.
Select User Management > Groups from the menu. The Groups screen displays (see the previous figure).
2.
In the Action column of the List of Groups table, click the Edit table button for the group that you want to edit. The Edit Group screen displays. (The following figure contains some examples.)
Figure 83.
150 | Chapter 5. Managing Users, Groups, and Authentication
ProSecure Web/Email Security Threat Management (STM) Appliance
3.
Change the field and move the users as explained in the following table:
Table 44. Edit Group Settings
Setting Description
Edit Description You can edit the brief description of the group for identification and management purposes.
Use the move buttons to move all users or only selected users from the Local users field to the Users in this group field (or the other way around).
These are the functions of the move buttons:
• < or > moves one or more highlighted selections from one field to the other.
• << or >> moves all entries from one field to the other.
4.
Click Apply to save your changes.
Creating and Deleting Groups by IP Address and Subnet
To create a group by IP address and subnet:
1.
Select User Management > IP Subnet/Groups from the menu. The IP Subnet/Groups screen displays. (The following figure contains one example.)
Figure 84.
The Groups Membership by IP Address table displays the groups with the following fields:
•
IP Address. The IP address for the group.
•
Netmask. The subnet mask for the group.
•
Name. The name of the group.
•
Action. The Delete table button, which allows you to delete the group.
Chapter 5. Managing Users, Groups, and Authentication | 151
advertisement
Related manuals
advertisement
Table of contents
- 8 What Is the ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or STM600?
- 9 What Can You Do with an STM?
- 9 Key Features and Capabilities
- 10 Stream Scanning for Content Filtering
- 11 Autosensing Ethernet Connections with Auto Uplink
- 11 Easy Installation and Management
- 12 Maintenance and Support
- 12 STM Model Comparison
- 12 Service Registration Card with License Keys
- 13 Package Contents
- 14 Hardware Features
- 14 Front Panel Ports and LEDs
- 20 Rear Panel Features
- 22 Bottom Panel with Product Label
- 23 Choosing a Location for the STM
- 24 Using the Rack-Mounting Kit
- 25 Choosing a Deployment Scenario
- 25 Gateway Deployment
- 26 Server Group
- 27 Segmented LAN Deployment
- 27 Understanding the Steps for Initial Connection
- 28 Qualified Web Browsers
- 28 Logging In to the STM
- 30 Understanding the Web Management Interface Menu Layout
- 32 Using the Setup Wizard to Perform the Initial Configuration
- 33 Setup Wizard Step 1 of 10: Introduction
- 33 Setup Wizard Step 2 of 11: Networking Settings
- 35 Setup Wizard Step 3 of 11: Time Zone
- 37 Setup Wizard Step 4 of 11: Email Security
- 39 Setup Wizard Step 5 of 11: Web Security
- 42 Setup Wizard Step 6 of 11: Email Notification Server Settings
- 43 Setup Wizard Step 7 of 11: Update Settings
- 45 Setup Wizard Step 8 of 11: HTTP Proxy Settings
- 46 Setup Wizard Step 9 of 11: Web Categories
- 48 Setup Wizard Step 10 of 11: Configuration Summary
- 49 Setup Wizard Step 11 of 11: Restarting the System
- 49 Verifying Correct Installation
- 49 Testing Connectivity
- 49 Testing HTTP Scanning
- 50 Registering the STM with NETGEAR
- 51 What to Do Next
- 52 Configuring Network Settings
- 56 Configuring Session Limits and Timeouts
- 57 Configuring the Network Refresh and Permanent MAC Address Bindings
- 59 Managing Permanent MAC Address Bindings
- 60 Configuring the HTTP Proxy Settings
- 61 About Users with Administrative and Guest Privileges
- 62 Changing Administrative Passwords and Timeouts
- 64 Configuring Remote Management Access
- 65 Using an SNMP Manager
- 67 Supported MIB Browsers
- 67 Managing the Configuration File
- 68 Backing Up Settings
- 69 Restoring Settings
- 70 Reverting to Factory Default Settings
- 71 Updating the Software
- 71 Scheduling Updates
- 73 Performing a Manual Update
- 74 Critical Updates That Require a Restart
- 74 Configuring Date and Time Service
- 76 Managing Digital Certificates
- 78 Managing the Certificate for HTTPS Scans
- 79 Managing Trusted Certificates
- 80 Managing Untrusted Certificates
- 81 Managing the Quarantine Settings
- 82 Managing the STM’s Performance
- 84 About Content Filtering and Scans
- 85 Default Email and Web Scan Settings
- 87 Configuring Email Protection
- 87 Customizing Email Protocol Scan Settings
- 88 Customizing Email Anti-Virus Settings
- 94 Email Content Filtering
- 97 Protecting Against Email Spam
- 105 Configuring Web and Services Protection
- 105 Customizing Web Protocol Scan Settings
- 107 Configuring Web Malware Scans
- 109 Configuring Web Content Filtering
- 116 Configuring Web URL Filtering
- 119 HTTPS Scan Settings
- 124 Specifying Trusted Hosts
- 125 Configuring FTP Scans
- 127 Configuring Application Control
- 130 Setting Scanning Exclusions and Web Access Exceptions
- 130 Setting Scanning Exclusions
- 132 Setting Access Exception Rules for Web Access
- 139 Creating Custom Groups for Web Access Exceptions
- 142 Creating Custom Categories for Web Access Exceptions
- 147 About Users, Groups, and Domains
- 148 Configuring Groups
- 149 Creating and Deleting Groups by Name
- 150 Editing Groups by Name
- 151 Creating and Deleting Groups by IP Address and Subnet
- 152 Configuring User Accounts
- 153 Creating and Deleting User Accounts
- 154 Editing User Accounts
- 154 Configuring Authentication
- 155 Understanding the STM’s Authentication Options
- 157 Understanding Active Directories and LDAP Configurations
- 161 Creating and Deleting LDAP and Active Directory Domains
- 164 Editing LDAP and Active Directory Domains
- 164 Understanding the ProSecure DC Agent
- 165 Requirements for the ProSecure DC Agent Software and DC Agent Server
- 165 Downloading ProSecure DC Agent Software, and Creating and Deleting DC Agents
- 167 Creating and Deleting RADIUS Domains
- 169 Editing RADIUS Domains and Configuring VLANs
- 170 Global User Settings
- 172 Viewing and Logging Out Active Users
- 175 Configuring Logging, Alerts, and Event Notifications
- 176 Configuring the Email Notification Server
- 177 Configuring and Activating System, Email, and Syslog Logs
- 182 Configuring Alerts
- 184 Monitoring Real-Time Traffic, Security, Statistics, and Web Usage
- 184 Understanding the Information on the Dashboard Screen
- 190 Monitoring Web Usage
- 192 Viewing System Status
- 194 Querying Logs
- 199 Example: Using Logs to Identify Infected Clients
- 199 Log Management
- 200 Viewing, Scheduling, and Generating Reports
- 200 Report Templates
- 202 Generating Reports for Downloading
- 203 Scheduling Automatic Generation and Emailing of Reports
- 204 Advanced Report Filtering Options
- 208 Viewing and Managing the Quarantine Files
- 215 Using Diagnostics Utilities
- 216 Using the Network Diagnostic Tools
- 217 Using the Realtime Traffic Diagnostics Tool
- 218 Gathering Important Log Information and Generating a Network Statistics Report
- 219 Restarting and Shutting Down the STM
- 222 Basic Functioning
- 222 Power LED Not On
- 222 Test LED or Status LED Never Turns Off
- 223 LAN or WAN Port LEDs Not On
- 223 Troubleshooting the Web Management Interface
- 224 When You Enter a URL or IP Address a Time-Out Error Occurs
- 224 Troubleshooting a TCP/IP Network Using a Ping Utility
- 225 Testing the LAN Path to Your STM
- 225 Testing the Path from Your PC to a Remote Device
- 226 Restoring the Default Configuration and Password
- 227 Problems with Date and Time
- 227 Using Online Support
- 227 Enabling Remote Troubleshooting
- 228 Installing Hot Fixes
- 229 Sending Suspicious Files to NETGEAR for Analysis
- 230 Accessing the Knowledge Base and Documentation