NETGEAR UTM5EW-100NAS Router User Manual


 
Firewall Protection
188
ProSecure Unified Threat Management (UTM) Appliance
3. Click Apply to save your settings.
Note: Traffic that passes on the UTM’s VLANs and on the secondary IP
addresses that you have configured on the LAN Multi-homing
screen (see Configure Multihome LAN IP Addresses on the Default
VLAN on page 109) is also scanned by the IPS.
Table 39. IPS screen settings (continued)

Setting: Detect DDoS
Description: Select the action that is taken when the UTM detects a DDoS attack:
• Alert. An alert is emailed to the administrator that is specified on the Email Notification screen.
• Disable. DDoS attack detection is disabled.
• Block Source IP for. The IP address of the attacking computer is blocked for the duration that you specify in the Seconds field. The default setting is 300 seconds. This is the default setting.

Security Category Settings

This section displays the different categories of attacks, such as Web, Mail, Databases, and so on. The Action column shows the default settings (Disable, Drop, or Alert).

In the Action column for each category, either select the actions for individual attacks by making selections from the drop-down lists to the right of the names, or select a global action for all attacks for that category by making a selection from the top drop-down list for that category. Some of the less familiar web and miscellaneous attacks are explained in Table 40 on page 190.

The drop-down lists let you select one of the following actions:
• Disable. The application is not controlled by the IPS.
• Drop. The traffic that carries the attack is dropped, and an alert is logged.
• Alert. An alert is logged but the traffic that carries the attack is not dropped.

The default action for all attacks is Disable, except for the following attacks, for which the default action is Drop:
• Web attacks: XSS, IIS, Apache, PHP, CGI, Web-Client, Web-Attack, Web-Misc.
• Databases: SQL-injection.
• Misc: ShellCode.
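
The following audit script is an added example, not part of the NETGEAR manual: it compares a hand-transcribed copy of the IPS screen settings against the defaults listed above and reports every attack whose action is weaker than its default. The dictionary layout and the Mail attack name are assumptions made for illustration; the UTM does not export its settings in this form.

```python
# Added example: audit transcribed IPS settings against the documented defaults.
# The config dictionary layout is an assumption, not a UTM export format.

# Protection level per action: Drop blocks and logs, Alert only logs, Disable does neither.
STRENGTH = {"Disable": 0, "Alert": 1, "Drop": 2}

# Attacks whose documented default is Drop; every other attack defaults to Disable.
DEFAULT_DROP = {
    "Web": {"XSS", "IIS", "Apache", "PHP", "CGI", "Web-Client", "Web-Attack", "Web-Misc"},
    "Databases": {"SQL-injection"},
    "Misc": {"ShellCode"},
}

def audit(config):
    """Return findings for every setting weaker than its documented default."""
    findings = []
    ddos = config.get("detect_ddos", {}).get("action")
    if ddos == "Disable":
        findings.append("DDoS: detection is disabled")
    elif ddos == "Alert":
        findings.append("DDoS: alert only, the source IP is not blocked")
    categories = config.get("categories", {})
    for category in sorted(set(DEFAULT_DROP) | set(categories)):
        configured = categories.get(category, {})
        defaults = DEFAULT_DROP.get(category, set())
        for attack in sorted(defaults | set(configured)):
            base = "Drop" if attack in defaults else "Disable"
            actual = configured.get(attack, base)  # untouched entries keep the default
            if actual not in STRENGTH:
                findings.append(f"{category}/{attack}: unknown action {actual!r}")
            elif STRENGTH[actual] < STRENGTH[base]:
                findings.append(f"{category}/{attack}: {actual} (default {base})")
    return findings

# Constructed sample: two default-Drop attacks weakened, DDoS set to Alert.
SAMPLE = {
    "detect_ddos": {"action": "Alert"},
    "categories": {
        "Web": {"XSS": "Alert", "PHP": "Drop"},
        "Databases": {"SQL-injection": "Disable"},
        "Mail": {"example-mail-attack": "Alert"},  # hypothetical attack name
    },
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```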