NETGEAR STM150EW-100NAS Router User Manual


 
Content Filtering and Optimizing Scans
241
ProSecure Unified Threat Management (UTM) Appliance
Private protocols
Social networks
Control is set for entire categories of applications (for example, to block gaming during
business hours), for individual applications (for example, to allow Skype but block some other
applications), or for a combination of both. Individual application rules take priority over
category rules. After you have allowed or blocked applications, you can easily create
exceptions for individual users and groups of users (see Set Exception Rules for Web and
Application Access on page 248).
Application control is disabled by default. When you enable application control, you can
either use a single global profile or create multiple custom profiles:
Global profile. There is a single global application control profile. All traffic between the
WAN and LAN is scanned according to the settings in the global profile. The global profile
functions as a standalone control engine; you do not assign the global profile to a firewall
rule.
Custom profiles. There are no default custom application control profiles; you need to
create custom profiles. A custom application control profile takes effect only after it has
been assigned to a firewall rule and the firewall rule has been enabled. Traffic that
matches the firewall rule is scanned according to the settings in the custom profile.
For any profile, you can configure which categories of applications and individual applications
are allowed and blocked, and you can even differentiate between application login and
application connection. Traffic that does not match a profile is not scanned.
After you have configured a custom application control profile, you can assign it to firewall
rules on the following screens:
Add LAN WAN Outbound Services screen (see Figure 68 on page 141).
Add LAN WAN Inbound Services screen (see Figure 69 on page 142).
Add DMZ WAN Outbound Services screen (see Figure 71 on page 144).
Add DMZ WAN Inbound Services screen (see Figure 72 on page 145).